The US Cybersecurity and Infrastructure Security Agency (CISA) has created a new set of guidelines to help businesses evaluate software manufacturers’ security procedures.
A new guideline has been developed by the US Cybersecurity and Infrastructure Security Agency (CISA) to improve the way that enterprises assess the security practices of software manufacturers.
The guidelines stress how crucial it is to give product security top priority when purchasing software, as opposed to concentrating only on an enterprise security feature offered by a manufacturer. The organization emphasized the significance of this strategy in guarding against ransomware and other online dangers.
“This guide provides organizations with questions to ask when buying software, considerations to integrate product security into various stages of the procurement lifecycle, and resources to assess product security maturity in line with secure by design principles,” said CISA.
In order to achieve this “secure by design” mentality, manufacturers must make security a top priority and adhere to the established principles of CISA, which include maintaining transparency, cultivating leadership, and accepting accountability for customer security outcomes.
Nowadays, a lot of businesses focus on internal infrastructure protection and other corporate security compliance criteria.
“An organization’s acquisition staff often has a general understanding of the core cybersecurity requirements for a particular technology acquisition,” CISA stated. “However, they frequently don’t assess whether a given supplier has practices and policies in place to ensure that security is a core consideration from the earliest stages of the product development lifecycle.”
The handbook emphasizes the necessity of changing the focus to assessing how software developers make sure their products are secure against cyberattacks. It offers doable procedures for incorporating product security into the buy lifecycle at each stage: prior to, during, and following the transaction.
For example, companies should find out the manufacturer’s security policy prior to making a purchase. Contracts should include security criteria during the procurement process. It is recommended to regularly evaluate the manufacturer’s product security after purchase.
The advice also emphasizes how critical it is to fix systemic weaknesses, support multifactor authentication (MFA), and get rid of default passwords. It recommends that software providers show prompt vulnerability reporting, preserve thorough records of third-party dependencies, and offer proof of security logs.
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.