Easterly Pitches Federal Procurement Power as a Lever for Cybersecurity Enforcement

April 19, 2024

TLDR:

– CISA Director Jen Easterly argues that the Federal government should use its procurement power to hold software vendors to cybersecurity standards.
– The secure software development attestation form released by CISA and OMB is a critical step toward securing the Federal software supply chain.

Article Summary:

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), said the Federal government can play a significant role in mandating security standards for software vendors through the procurement process. Speaking at the GovernmentDX event in Washington, D.C., she pointed to the buying power of Federal agencies as a means of enforcing cybersecurity requirements on suppliers. The secure software development attestation form released last month by CISA and the Office of Management and Budget (OMB) is a key step in that direction: Federal contractors must attest that the software they deliver to the government was developed using secure practices.

The attestation form, the product of extensive stakeholder and industry engagement, implements President Biden's 2021 cybersecurity executive order, which set out to improve the security of the software supply chain. An OMB memorandum issued in September 2022 further requires Federal agencies to use only software whose producers attest to following the National Institute of Standards and Technology's secure software development guidance. Agencies have six months from the finalization of the form to begin collecting attestations for all third-party software they use.

Easterly also stressed the importance of secure-by-design technology, urging companies and application developers to treat security as a core requirement throughout the software development lifecycle rather than a feature added afterward. CISA's secure-by-design guidance, published a year ago, lays out concrete steps technology providers can take to make their products safer for customers worldwide. She framed security by design as essential not only for effective operations but also for resilience against cyber threats.

In conclusion, Easterly underscored the necessity of prioritizing security in the face of evolving threats from adversaries. By emphasizing security and fostering partnerships, the government and private sector can work together to ensure the continued operation and protection of critical services relied upon by all Americans.
