CyberSecurityBoard
Sponsor Register Login

CISA Issues Guidance to Improve Software Procurement Security

The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance aimed at enhancing the security of software procurement processes. This initiative addresses the growing risks associated with software supply chain attacks, emphasizing the need for organizations to adopt stringent security measures when acquiring software. The guidance outlines best practices for evaluating software vendors, assessing security risks, and implementing robust controls to mitigate potential threats. It highlights the importance of verifying software integrity, conducting thorough risk assessments, and maintaining continuous monitoring throughout the software lifecycle. CISA's recommendations also encourage collaboration between public and private sectors to strengthen overall cybersecurity posture. By following these guidelines, organizations can better protect themselves against vulnerabilities introduced through third-party software and reduce the likelihood of successful cyberattacks. This proactive approach is critical in today's threat landscape, where attackers increasingly exploit software supply chains to gain unauthorized access and cause widespread disruption. The guidance serves as a valuable resource for cybersecurity professionals seeking to enhance their software procurement strategies and safeguard their digital assets.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 27 Aug 2025 16:30:03 +0000


Cyber News related to CISA Issues Guidance to Improve Software Procurement Security

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CISA Issues Guidance to Improve Software Procurement Security - The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance aimed at enhancing the security of software procurement processes. This initiative addresses the growing risks associated with software supply chain attacks, ...
6 days ago Infosecurity-magazine.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
11 months ago Therecord.media
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
5 months ago Cybersecuritynews.com
McCaffrey Joins 'ASTORS' Champion SIMS Software Board of Advisors - SIMS Software, the leading provider of security information management software to the government and defense industries - and the 2023 Platinum 'ASTORS' Award Champion for Best Security Workforce Management Solution, is delighted to announce that ...
1 year ago Americansecuritytoday.com PLATINUM
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
ASD's ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies - This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at ...
1 year ago Cisa.gov
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
1 year ago Pandasecurity.com
CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
1 year ago Cisa.gov Cuba
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
1 year ago Cisa.gov CVE-2023-44317 CVE-2023-49692
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
4 months ago Cybersecuritynews.com
Modern DevSecOps - DevSecOps - a fusion of development, security, and operations - emerged as a response to the challenges of traditional software development methodologies, particularly the siloed nature of development and security teams. DevSecOps aims to break down ...
1 year ago Feeds.dzone.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
11 months ago Cisa.gov CVE-2024-41925 CVE-2024-45367
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity - The National Security Agency has published new guidance to help organizations incorporate software bills of materials and mitigate supply chain risks. In May 2021, the White House issued a cybersecurity executive order, mandating the use of SBOMs for ...
1 year ago Securityweek.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project file, which could result in information disclosure, tampering ...
1 year ago Cisa.gov CVE-2023-5247
Insights from CISA HPH Sector Risk and Vulnerability Assessment - In an ever-evolving digital landscape, the healthcare and public health sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency recently conducted a Risk and Vulnerability Assessment, ...
1 year ago Securityboulevard.com
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
2 years ago Trendmicro.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
CISA to Congress: US Under Threat of Chemical Attacks - CISA warned this week that facilities maintaining dangerous chemicals across the US are no longer receiving adequate security support. Compared with such industries as energy, water, and telecoms, cybersecurity professionals tend to be less au ...
1 year ago Darkreading.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)