Enhanced cybersecurity

CISA to Release List of Critical Software Products for Federal Agencies

The Cybersecurity and Infrastructure Security Agency is aiming to provide a list of critical software products to federal agencies by September 30 in a move to strengthen federal cybersecurity.

The list will serve as a reference point, highlighting examples of software that aligns with criteria set by the National Institute of Standards and Technology and has system access management and network protection capabilities, CISA said.

With the software catalog, CISA aims to equip agencies with a clearer picture of potential vulnerabilities within their core software applications.

It also aligns with CISA’s ongoing advocacy of “secure by design” principles in software procurement, urging vendors to prioritize built-in security features within their products.

The initiative follows a recent Government Accountability Office report that assessed the implementation of a 2021 cybersecurity executive order and an Office of the Management and Budget review that revealed that the majority of agencies lacked adequate policies to comply with federal cybersecurity regulations for internet of things devices they acquire.

It also comes amid recent high-profile cyber incidents involving Chinese and Russian actors exfiltrating sensitive data, emphasizing the critical need for enhanced cybersecurity measures across federal government agencies.