Sign In

Communications of the ACM

ACM News

CISA Releases Secure-by-Design, -Default Guidance

View as: Print Mobile App Share:
 The new release from CISA and its partners is meant to advance discussions.

The provides both core guiding principles and more specific technical recommendations.

Credit: Shutterstock

Federal cyber officials have long called for software manufacturers to take more responsibility for preventing cyber attackers from exploiting their products. Now, officials are moving toward seeing that call put into action.

CISA, the FBI, the National Security Agency (NSA) and partner nations' cybersecurity authorities released a report today that's intended to guide software manufacturers toward a new approach. The recommendations aim to ensure products are already designed and configured for strong security before they reach end users.

Former National Cyber Director Chris Inglis and now-acting National Cyber Director Kemba Walden have previously highlighted this issue. Tech companies have the resources and reach to make real change, but too often it's the end users who are expected to shoulder most of the burden of patching, evading phishing schemes and otherwise heading off incidents, Walden said during a discussion last month. A single person's password mistake shouldn't be able to turn into a Colonial Pipeline-level crisis, Walden said.

From Government Technology
View Full Article



No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account