CPSs are composed of two interdependent layers. One is the cyber layer, and the other is the physical layer. The physical system becomes vulnerable as there are growing connectivity and integration between the cyber and the physical systems. Traditional IT solutions are not sufficient to protect the CPS from increasingly sophisticated cyber attacks. This chapter introduces the conceptual frameworks for cross-layer CPS design to improve the security at the cyber layer and the resiliency at the physical layer in a holistic manner. Based on the general conceptual framework, this chapter introduces two methodologies to design secure and resilient CPS. The first one builds an integrated framework bridging cryptography for data privacy and integrity with control theory for stabilizing the physical systems. The cross-layer design enables the cryptographic solution to be aware of its impact on the physical systems and the control-theoretic design to be aware of the consequences of cryptographic solutions. The second one provides a unified design paradigm using game theory. Game theory provides a rich class of models that can be used to capture multiple types of interactions. It can be used to model the adversarial behaviors and their interactions with the cyber defense, as well as the optimal robust control design under worst-case disturbances. The game-theoretic unification of the models at the cyber and the physical layers naturally leads to a holistic cross-layer design framework. This chapter introduces the concepts of games-in-games, or meta-game to describe the system-of-systems modeling of CPSs. We extend the cross-layer framework from a complete observation paradigm to a partially observable one. We will use multiple CPS application domains to illustrate the two cross-layer design methodologies.