Latest Guidance Outlines Customer Responsibilities for Software Security

The guide provides recommendations throughout the product lifecycle, from procurement to deployment.

Several agencies published the last part in a series about securing the software supply chain, this time focusing on customers. 

The guidance, released Thursday by the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Office of the Director of National Intelligence, gives recommendations for software customers “to ensure the integrity and security of software during the procuring and deployment phases.”

The agencies provided recommendations throughout the software lifecycle, including defining requirements, product evaluation, contracts, deployment, testing, integration, product roll-out, upgrades and training.

For example, recommendations include keeping security and risk assessments up to date; mandating sufficient protection and control of geolocation data and metadata; and specifying and assigning individual roles, among other things.

This customer guidance follows a similar August document for developers and October guidance for suppliers. However, the report for developers was met with mixed reviews from industry. 

The series, Securing Software Supply Chain, is a product of the Enduring Security Framework, a CISA and NSA-led public-private cross-sector working group.

Source: https://www.nextgov.com/cybersecurity/2022/11/latest-guidance-outlines-customer-responsibilities-software-security/379945/
