CISA’s Secure by Demand initiative [2], under the leadership of Director Jen Easterly, highlights the importance of organizations leveraging their purchasing power to prioritize cybersecurity in procurement decisions.

Description

The initiative includes a Secure by Demand Guide to help organizations evaluate software manufacturers’ cybersecurity practices. In addition, nearly 200 tech and cybersecurity companies have endorsed the Secure by Design pledge [1], which aims to build secure-by-default features into products. The pledge [1], unveiled at the RSA Conference [1], promotes secure product design through the implementation of vulnerability disclosure programs, monitoring of hacking attempts, and elimination of default passwords. CISA is monitoring and reporting on the pledge’s impact [2], particularly in areas such as multifactor authentication and vulnerability reduction [2].

Conclusion

The Secure by Demand initiative and Secure by Design pledge are making strides in enhancing cybersecurity practices within organizations. By prioritizing cybersecurity in procurement decisions and incorporating secure features in products, companies can better protect themselves from cyber threats. Moving forward, continued efforts in these areas will be crucial in strengthening overall cybersecurity resilience.

References

[1] https://www.nextgov.com/cybersecurity/2024/08/nearly-200-firms-have-signed-pledge-built-more-secure-software-top-cyber-official-says/398685/
[2] https://www.infosecurity-magazine.com/news/cisa-secure-by-demand-strategy/