CISA releases software acquisition guide developed by supply chain task force

The Cybersecurity and Infrastructure Security Agency has released a guide to assist government officials and the private sector with purchasing secure software, developed through a public-private task force addressing supply chain risk management issues.

“Customers (agency mission owners, their acquisition and procurement organizations, and enterprise risk owners such as CIOs and CISOs) may use this guide as a reference for describing, assessing, and measuring suppliers’ security practices relative to the software life cycle,” CISA says in the publication released...