
CISA Releases Secure by Demand Guidance


Today, CISA and the Federal Bureau of Investigation (FBI) have released the “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem” to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start.

An organization’s acquisition staff often has a general understanding of the core cybersecurity requirements for a particular technology acquisition. However, they frequently don’t assess whether a given supplier has practices and policies in place to ensure that security is a core consideration from the earliest stages of the product development lifecycle.

This guide provides organizations with questions to ask when buying software, considerations to integrate product security into various stages of the procurement lifecycle, and resources to assess product security maturity in line with secure by design principles. 

This guide complements the “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle” that was recently published.

CISA encourages organizations to review both the Secure by Demand Guide and Software Acquisition Guide and implement recommended actions.


