Aqua Security only vendor that can meet US EO requirements
Fri, 11th Nov 2022

Aqua Security is the only enterprise-grade vendor providing software supply chain security attestation to meet the requirements of US Executive Order (EO) 14028.

The order, which covers improving the nation’s cybersecurity, lists the software supply chain requirements that third-party software companies must meet or exceed in order to strengthen the United States’ cybersecurity and protect the nation from malicious cyber actors.

“This order has a vast impact on global software suppliers. If you sell to the government, or you sell to a company that sells to the government, you need to prove compliance,” explains Dror Davidoff, CEO and Co-Founder, Aqua Security.

“As software supply chain attacks increase in sophistication and scale, the private sector must adapt its proactive cybersecurity measures. EO 14028 is a critical and bold step for the United States to help prevent cyber incidents.”

Following EO 14028, a memo was released in September detailing the dates by which agencies need to ensure that the software they are procuring (and have previously procured) is compliant with the EO.

The deadlines released in the memo, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices”, include:

  • By January 12, 2023: Agency CIOs to communicate requirements to vendors
  • By June 11, 2023: Compliance attestation letters to be collected for critical software
  • By September 14, 2023: Compliance attestation letters to be collected for all software

Aqua Security’s software supply chain security is the only end-to-end offering capable of ensuring the entire software development lifecycle is protected and will allow software providers to meet and attest to the EO requirements.

The offering assists companies in meeting compliance requirements within a month of deployment and includes reporting and management capabilities for initial and ongoing compliance attestation.

In particular, Aqua Security’s offering ensures compliance with EO 14028 by:

  • Making sure development environments are securely configured with accompanying attestation (sections 4e i-ii)
  • Ensuring sources of code are trusted, and that code vulnerabilities have been remediated with accompanying attestation (sections 4e iii-v)
  • Maintaining provenance data for internal and third-party code and having a Software Bill of Materials (SBOM) for each released product (sections 4e vi-vii)
  • Keeping development processes secure with accompanying attestation (section 4e ix)
  • Facilitating continued data integrity and provenance of open source software in use with accompanying attestation (section 4e x)

“The clock is ticking. We are only 10 months away from the compliance deadline. Aqua is making it easy for software vendors to not only meet compliance requirements but also have the confidence that they can prevent software supply chain attacks,” says Davidoff.