Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start.
An organization’s acquisition staff often has a general understanding of the core cybersecurity requirements for a particular technology acquisition. However, they frequently don’t assess whether a given supplier has practices and policies in place to ensure that security is a core consideration from the earliest stages of the product development lifecycle.
This guide provides organizations with questions to ask when buying software, considerations to integrate product security into various stages of the procurement lifecycle, and resources to assess product security maturity in line with secure by design principles.
This guide compliments the “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle” that was recently published.
CISA encourages organizations to review both the Secure by Demand Guide and Software Acquisition Guide and implement recommended actions.
Systems Affected This vulnerability affects the following Microsoft Windows operating systems by default: Microsoft Windows…
CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy,…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international…
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic…
This website uses cookies.