Alerts: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

Source URL: https://www.cisa.gov/news-events/alerts/2024/12/05/asds-acsc-cisa-and-us-and-international-partners-release-guidance-choosing-secure-and-verifiable
Source: Alerts
Title: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

Feedly Summary: Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include:

– The Canadian Centre for Cyber Security (CCCS).
– United Kingdom’s National Cyber Security Centre (NCSC-UK).
– New Zealand’s National Cyber Security Centre (NCSC-NZ).
– Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC).

Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies).
CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

AI Summary and Description: Yes

Summary: CISA, alongside several international cybersecurity partners, has updated its “Secure by Design Alert,” focusing on security and verification in technology procurement. This guidance addresses the increasing cyber threats to user privacy and data, emphasizing the importance of integrating security into the acquisition processes to enhance supply chain resilience and cost management.

Detailed Description: The recent update from the Cybersecurity and Infrastructure Security Agency (CISA) and its partners aims to reinforce the importance of security in the procurement of technology products and services. This initiative is particularly relevant for security professionals who must navigate the increasing complexity of cyber threats and the importance of incorporating secure design principles in technology development and acquisition.

Key points include:

– **Collaborative Effort**: The update involves multiple international cybersecurity agencies, which highlights the global consensus on the need for enhanced security measures in technology procurement.
  – Partners include:
    – Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC)
    – Canadian Centre for Cyber Security (CCCS)
    – United Kingdom’s National Cyber Security Centre (NCSC-UK)
    – New Zealand’s National Cyber Security Centre (NCSC-NZ)
    – Republic of Korea’s National Intelligence Service (NIS) and its National Cyber Security Centre (NCSC)

– **Growing Cyber Threats**: There is an acknowledgment that cyber threats continue to pose significant risks to user privacy and data security, necessitating a reevaluation of existing procurement processes.

– **Proactive Security Integration**: The update advocates for the proactive integration of security measures into the procurement process to mitigate risks associated with the technology supply chain, which can lead to reduced costs for organizations.

– **Guidance for Organizations**: The document serves as a resource for organizations, aiding them in making informed decisions when procuring digital products and services while encouraging software manufacturers to adopt secure by design principles.

– **Call to Action**: CISA and its partners call on all organizations to consider this updated guidance to enhance their security posture effectively.

This document is critical for security and compliance professionals, as it underscores the necessity for vigilance in assessing technology acquisition strategies and emphasizes the role of established security principles in mitigating risks throughout the supply chain.