The Cybersecurity and Infrastructure Security Agency (CISA) on Aug. 26 rolled out a new web-based tool that the agency said can help IT industry decision makers, procurement officials, and software suppliers “strengthen cybersecurity practices throughout the software procurement lifecycle.”
CISA said its Software Acquisition Guide: Supplier Response Web Tool is available at no cost to users and features a five-section questionnaire for users. It employs content from the Information and Communications Technology Supply Chain Risk Management Task Force’s “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle,” originally published in 2024.
The web tool, CISA said, offers a “streamlined, digital experience that simplifies how users assess software assurance and supplier risk.”
“This tool demonstrates CISA’s commitment to offering practical, free solutions for smarter, more secure software procurement,” commented CISA Director of Public Affairs Marci McCarthy.
“Transforming the Software Acquisition Guide into an interactive format simplifies integrating cybersecurity into every step of procurement,” McCarthy said.
“Whether evaluating a single product or managing a complex acquisition, the Web Tool empowers users to make informed, risk-aware decisions that align with federal cybersecurity guidance and best practices,” the agency said.