The Cybersecurity and Infrastructure Security Agency has introduced the Software Acquisition Guide: Supplier Response Web Tool, an interactive web tool aimed at enhancing secure software supply chain procurement.
CISA is a DHS agency. Register for the Potomac Officers Club’s 2025 Homeland Security Summit to learn about various programs, initiatives, and other key developments meant to bolster homeland security against emerging threats.
Table of Contents
Strengthening Cybersecurity in Software Acquisition
CISA said Tuesday the new tool is intended to enable IT leaders, procurement experts and software suppliers to reinforce the cybersecurity protocols utilized during end-to-end software acquisition. The tool aims to provide a user-friendly digital platform that optimizes software assurance and supplier risk assessments. It expands on the “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management Lifecycle.”
The web tool advances secure-by-design and secure-by-default principles by reformatting the Software Acquisition Guide into adaptive sections that assist users based on their needs and enable them to focus on relevant questions for their specific procurement. It also provides shareable summaries for CISOs, CIOs and other key executives while enhancing due diligence for more secure acquisitions.
Remarks From CISA Executive
“This tool demonstrates CISA’s commitment to offering practical, free solutions for smarter, more secure software procurement. Transforming the Software Acquisition Guide into an interactive format simplifies integrating cybersecurity into every step of procurement,” said CISA Director of Public Affairs Marci McCarthy.
Related Articles
The National Institute of Standards and Technology has finalized changes to its catalog of security and privacy controls to help improve the security of software updates and patches. NIST said Wednesday the revised Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, was issued in response to an executive order aimed at strengthening U.S. cybersecurity. “The changes are intended to emphasize secure software development practices, and to help organizations understand their role in ensuring the security of the software on their systems,” said Victoria Pillitteri, a computer scientist at NIST who led the project. “Ultimately, we want
One of the Department of the Air Force’s prototype platforms for the Collaborative Combat Aircraft, or CCA, program performed its inaugural flight at a test location in California as it transitions to the flight testing phase. The Air Force said Wednesday it developed the CCA platform, YFQ-42A, with General Atomics. Achieving Development Milestone in Air Force’s Collaborative Combat Aircraft Program “This milestone showcases what’s possible when innovative acquisition meets motivated industry,” said Secretary of the Air Force Troy Meink. “In record time, CCA went from concept to flight — proving we can deliver combat capability at speed when we clear
The Defense Counterintelligence and Security Agency is preparing to migrate the Defense Information System for Security to the cloud this weekend, a move that marks a significant milestone in its broader 2025–2030 Information Technology Strategic Plan. The transition is part of the “Cloud Smart” strategy under the National Background Investigation Services program and aligns with the Department of Defense’s emphasis on leveraging cloud computing to strengthen mission capabilities, streamline operations and enhance customer experience, DCSA said Wednesday. “These migrations and modernization efforts will offer improved access for federal agencies, enhanced security features and streamlined clearance verification processes,” said Lindley Earl,