A program manager for the Cybersecurity and Infrastructure Security Agency said ongoing threat vigilance is needed post-implementation of the agency’s Secure by Design framework.