The Cybersecurity and Infrastructure Security Agency (CISA) recently released the free Software Acquisition Guide: Supplier Response Web Tool.
The tool is designed for information technology and industry decision makers, procurement professionals and software suppliers. It helps users focus on the most relevant questions for their acquisition context; supports stronger due diligence and more secure outcomes across procurement efforts; breaks the guide into manageable, adaptive sections based on user input; and enables exportable summaries that can be shared with decision-makers. It was designed to allow users to make informed, risk-aware decisions that align with federal cybersecurity guidance and best practices.
“This tool demonstrates CISA’s commitment to offering practical, free solutions for smarter, more secure software procurement,” Marci McCarthy, CISA director of public affairs, said. “Transforming the Software Acquisition Guide into an interactive format simplifies integrating cybersecurity into every step of procurement.”
The tool is part of a broader effort to strengthen software supply chain resilience and equip stakeholders with modern tools.
Since its release, the Software Acquisition Guide and its accompanying spreadsheet have been downloaded more than 4,000 times.
The tool builds on the “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management Lifecycle.”