USA: CISA publishes Secure by Demand Guide on software acquisition

On August 6, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published the Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. In particular, the guide highlights cybersecurity software acquisition considerations for organizations buying software.

The guide outlines how organizations can integrate product security considerations before, during, and following procurement.

The guide sets out questions that customers should put to software manufacturers during acquisition, including:

  • whether the product supports secure authentication;
  • how the software manufacturer addresses software defects across its products, and which classes of vulnerability it has eliminated;
  • whether customers are given evidence of intrusions and access to security logs;
  • information on software supply chain security, including provenance data for third-party dependencies and the manufacturer's processes for governing the use of, and contributions to, open source software components; and
  • whether the software manufacturer demonstrates transparency and timeliness in vulnerability reporting for both on-premises and cloud products.

You can read the press release here and the guide here.