Infosecurity Magazine reports that the Cybersecurity and Infrastructure Security Agency is moving to improve cybersecurity practices in the software procurement process with its new free Software Acquisition Guide: Supplier Response Web Tool.
IT leaders, procurement officers, and software providers could leverage the tool, which expands on the agency's Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management Lifecycle, to ensure adherence to secure-by-design and secure-by-default principles, according to CISA.
Aside from including sections tailored to its users' input and emphasizing relevant, contextualized queries, the tool also produces summaries usable by information security leaders and enables stronger due diligence amid the increasing prevalence of software vulnerabilities.
"This tool demonstrates CISA's commitment to offering practical, free solutions for smarter, more secure software procurement. Transforming the Software Acquisition Guide into an interactive format simplifies integrating cybersecurity into every step of procurement," said CISA Director of Public Affairs Marci McCarthy.
Supply chain, Governance, Risk and Compliance
New CISA tool seeks to bolster software acquisition security




