CISA Releases Software Acquisition Guide: Supplier Response Web Tool
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has launched the Software Acquisition Guide: Supplier Response Web Tool. This interactive, no-cost resource helps IT decision-makers, procurement professionals, and software suppliers enhance cybersecurity throughout the software procurement lifecycle. The tool simplifies the assessment of software assurance and supplier risk, supporting secure-by-design and secure-by-default principles. The release is part of CISA's broader effort to strengthen software supply chain resilience. The Web Tool breaks the guide into manageable sections, focuses on relevant questions based on user input, and enables exportable summaries for key decision-makers. It supports stronger due diligence and more secure procurement outcomes. The tool is available to federal, state, and local governments, as well as small and mid-sized businesses.
Timeline
- 26.08.2025 15:00 (1 article)
  CISA Launches Software Acquisition Guide: Supplier Response Web Tool
  On August 26, 2025, CISA released the Software Acquisition Guide: Supplier Response Web Tool. This interactive, no-cost resource helps IT decision-makers, procurement professionals, and software suppliers enhance cybersecurity throughout the software procurement lifecycle. The tool supports secure-by-design and secure-by-default principles and is part of CISA's broader effort to strengthen software supply chain resilience.
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
Information Snippets
- The Software Acquisition Guide: Supplier Response Web Tool is an interactive, no-cost resource designed to enhance cybersecurity in the software procurement lifecycle.
  First reported: 26.08.2025 15:00 (1 source, 1 article)
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
- The tool supports secure-by-design and secure-by-default principles by breaking the guide into manageable sections and focusing on relevant questions based on user input.
  First reported: 26.08.2025 15:00 (1 source, 1 article)
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
- The Web Tool enables exportable summaries that can be shared with CISOs, CIOs, and other key decision-makers.
  First reported: 26.08.2025 15:00 (1 source, 1 article)
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
- The tool is part of CISA's broader effort to strengthen software supply chain resilience and equip stakeholders with modern tools for secure procurement.
  First reported: 26.08.2025 15:00 (1 source, 1 article)
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
- The Software Acquisition Guide and its accompanying spreadsheet have already reached over 10,000 users and been downloaded more than 4,000 times.
  First reported: 26.08.2025 15:00 (1 source, 1 article)
  Source: CISA Unveils Tool to Boost Procurement of Software Supply Chain Security - www.cisa.gov - 26.08.2025 15:00
Similar Happenings
CISA updates Software Bill of Materials (SBOM) minimum elements for public comment
The Cybersecurity and Infrastructure Security Agency (CISA) released a draft of the Minimum Elements for a Software Bill of Materials (SBOM) for public comment. This update reflects advancements in SBOM practices, tooling, and stakeholder adoption since the 2021 guidelines. The draft includes new elements and updates existing ones to align with current capabilities. The public can submit comments until October 3, 2025. The SBOM is a tool that provides transparency into the software supply chain by documenting software components. This transparency helps organizations make risk-informed decisions and improve software security. The updated guidelines aim to empower federal agencies and other organizations to enhance their cybersecurity posture. However, experts have expressed concerns about the practicality and operationalization of SBOMs, calling for more sector-specific guidance and support for automation and vulnerability integration.