The Department of Homeland Security (DHS), along with the Cybersecurity and Infrastructure Security Agency (CISA), has launched a contract opportunity to develop automated software bill of materials (SBOM) tools that give more visibility into supply chains.
The solicitation seeks technical capabilities that will help CISA secure the digital frameworks that individuals and organizations rely on for essential services, including communications, finance, transportation, and energy.
“DHS is committed to working with industry to develop tools and technologies that provide visibility into the software supply chain,” said Melissa Oh, SVIP Managing Director. “This topic call highlights core capabilities that will help bring transparency into the digital building blocks used by organizations in both their business operations and in their cyber defenses.”
The main criteria the contract calls for include the following:
- Plug into integrated development environment tools to highlight software dependencies, warn of vulnerabilities and provide mitigations.
- Secure important infrastructure.
- Use software identifiers to help system administrators using security incident and event management tools pinpoint and prioritize threats to the operational environment.
“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms,” said Allan Friedman, CISA Senior Advisor and Strategist. “By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently.”