NSA and CISA share best practices for securing the software supply chain

Share post:

The National Security Agency (NSA), whose cybersecurity division prevents and eliminates threats to American security systems, the Cybersecurity and Infrastructure Security Agency (CISA), an agency that improves the security, resilience, and reliability of America’s cybersecurity and communications infrastructure, and the Office of the Director of National Intelligence (ODNI) have all communicated a set of recommended strategies that software vendors can implement.

This guidance was issued in response to a number of recent high-profile cyber attacks, including the SolarWinds hack that exposed flaws in the software supply chain that state-backed threat actors can easily exploit.

The guidelines include software protection, which states that all forms of code should be protected from unauthorized access and manipulation and that the principle of least privilege should be applied throughout the Software Development Life Cycle to ensure that the code supplied to customers contains all the necessary security features and that these features work as intended.

Another is to develop well-secured software that mitigates security risks and enables them to deliver software that allows a customer to access only the information and resources for which he is authorized, while preventing access to unauthorized information and resources.

Other tasks include ensuring that third-party vendors meet security requirements, configuring compilation and build processes, analyzing human-readable code, testing executable code, configuring software with default settings, and responding to vulnerabilities.

Following the publication of the first chapter in September with guidelines for software developers focusing on software vendors and customers, the parties involved will issue one more advisory focused on customers acquiring organizations that are part of the life cycle of the software supply chain.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

You’re not crazy – your smart phone could be listening to you

If you have every heard someone say that they'd just had a conversation on their smart phone only...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways