CyberSecurityBoard
Sponsor Register Login

CISA Issues Request For Information on Secure by Design Software Whitepaper

WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software whitepaper, as part of our ongoing, collective secure by design campaign across the globe.
Our goal to drive toward a future where technology is safe and secure by design requires action by every technology manufacturer and clear demand by every customer, which in turn requires us to rigorously seek and incorporate input.
The President's National Cybersecurity Strategy calls for a fundamental shift in responsibility for security from the customer to software manufacturers, and input from this RFI will help us define our path ahead, including updates to our joint seal Secure by Design whitepaper.
Co-sealed by 18 U.S. and international agencies, our recent Secure by Design guidance strongly encourages every software manufacturer to build products in a way that reduces the burden of cybersecurity on customers.
More recently, CISA launched a new series of Secure by Design Alerts outlining the real-world harms that result from technology products that are not secure by design.
With our partners, CISA encourages technology manufacturers and all interested stakeholders to review the Request for Information and provide written comment on or before 20 February 2024.
Instructions for submitting comment are available in the Request for Information.
The feedback on our current analysis or approaches will help inform future iterations of the whitepaper and our collaborative work with the global community.
To learn more about Secure by Design, visit our webpage.
About CISA. As the nation's cyber defense agency and national coordinator for critical infrastructure security, CISA leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.


This Cyber News was published on www.cisa.gov. Publication date: Wed, 20 Dec 2023 19:43:04 +0000


Cyber News related to CISA Issues Request For Information on Secure by Design Software Whitepaper

CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
1 year ago Cisa.gov
Cybersecurity for Art and Design Schools - In the digital age, art and design schools face unique cybersecurity challenges. This article aims to shed light on the importance of cybersecurity in art and design schools and provide insights into safeguarding digital portfolios and ensuring ...
1 year ago Securityzap.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
9 months ago Securityaffairs.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
5 months ago Therecord.media
'Secure by design' makes waves at RSA Conference 2024 - Secure by design refers to the principle that software should be developed with security in mind through established development frameworks and best practices. Though the concept is far from new, the approach has been featured in multiple different ...
10 months ago Techtarget.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
11 months ago Securityweek.com
GenAI development should follow secure-by-design principles - Given how dangerous the gold rush was and how long it took to incorporate safety measures, the time is now for organizations using GenAI to follow secure-by-design principles and follow CISA's example. Beyond writing faux movie scripts and passing ...
1 year ago Techtarget.com
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
1 year ago Cisa.gov Cuba
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines - The Guidelines - co-sealed by 23 domestic and international cybersecurity organizations - build on ongoing White House efforts to mitigate AI risk and the secure-by-design philosophy. They provide an outline for building security into AI systems, but ...
1 year ago Darkreading.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
9 months ago Cisa.gov
ASD's ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies - This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at ...
10 months ago Cisa.gov
Open Design Alliance Drawing SDK - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote attackers to disclose sensitive information on affected installations of ODA Drawing SDK. 3. Open Design Alliance's Drawing SDK prior to Version 2024.1 is vulnerable to ...
1 year ago Cisa.gov CVE-2023-26495 CVE-2023-22669 CVE-2023-22670
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
The Crucial Need for a Secure Software Development Lifecycle in Today's Digital Landscape - In today's increasingly digital world, software is the backbone of business operations, from customer-facing applications to internal processes. The rapid growth of software development has also made organizations more vulnerable to security threats. ...
1 year ago Cyberdefensemagazine.com
Understanding zero-trust design philosophy and principles - In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy. ...
1 year ago Helpnetsecurity.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
11 months ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
1 year ago Cisa.gov Cuba
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
1 year ago Cisa.gov
CISA Hosts Second Cyber Resilient 911 Symposium - CISA's Emergency Communications Division led the Cyber Resilient 911 Program's second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands. Attendees ...
1 year ago Cisa.gov
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project file, which could result in information disclosure, tampering ...
1 year ago Cisa.gov CVE-2023-5247
CISA Has a New Road Map for Handling Weaponized AI - Last month, a 120-page United States executive order laid out the Biden administration's plans to oversee companies that develop artificial intelligence technologies and directives for how the federal government should expand its adoption of AI. At ...
1 year ago Wired.com
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
1 year ago Pandasecurity.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy - You hear a lot about zero trust microsegmentation these days and rightly so. While a host-based enforcement approach is immensely powerful because it provides access to rich telemetry in terms of processes, packages, and CVEs running on the ...
1 year ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)