entity

CISA

Also known as: Cybersecurity and Infrastructure Security Agency, US Cybersecurity and Infrastructure Security Agency, US CISA

Facts (12)

Sources
Open source software best practices and supply chain risk ... - GOV.UK (gov.uk, Department for Science, Innovation and Technology, Mar 3, 2025), 2 facts
  claim: Resources for Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) created through collaborative endeavors with US CISA working groups and community gatherings have gained widespread adoption across both public and private sectors, as reported by Osborne et al. (2023).
  claim: The US Cybersecurity and Infrastructure Security Agency (CISA) has initiated working groups comprising multiple stakeholders from different industries to jointly create tools for enhancing software security, such as guidelines and frameworks for Software Bill of Materials (SBOMs) and Vulnerability Exploitability Exchange (VEX) standards.
Cyberattack Activity Linked to the Middle East Increases (asisonline.org, ASIS International, Mar 24, 2026), 2 facts
  reference: The U.S. Cybersecurity and Infrastructure Security Agency is responsible for monitoring cyber threats and notifying public and private sectors about cyber operations.
  claim: The United States' cyber readiness may be in question due to significant reductions at the U.S. Cybersecurity and Infrastructure Security Agency.
bureado/awesome-software-supply-chain-security - GitHub (github.com, GitHub), 2 facts
  reference: The document 'Securing the Software Supply Chain for Developers' was published by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) under the Enduring Security Framework (ESF) initiative.
  account: The AI-BOM Workshop at the 2024 RSA Conference covered AI software supply chain security, the AI Bill of Materials (AI-BOM), and ecosystem best practices with industry leaders and CISA representatives.
GovSCH: An Open-Source Schema for Transforming Governance ... (newamerica.org, New America, Oct 28, 2025), 2 facts
  claim: The reliance of most executive orders and frameworks on prose creates three primary challenges: misalignment and ambiguity for engineering teams, a manual translation burden for compliance functions, and fragmented development due to incompatible or duplicative frameworks from agencies like NIST, OMB, and CISA.
  claim: GovSCH supports rules-as-code pilots by providing a production-ready schema that aligns with mandates from agencies like NIST and CISA.
A Mixed-Methods Study of Open-Source Software Maintainers On ... (arxiv.org, arXiv, Feb 3, 2025), 1 fact
  quote: “The CVE program suffers from many single points of failures: managed by the USA (not 24/7) hence a CVE ID cannot be delivered fast. CISA analysts backlog and [don’t] have enough time and understanding of the system’s complexity to properly analyze reports; thus, publish poor quality content.”
Software Supply Chain Resilience in 2025: A Comparative Analysis ... (ijisc.com, STĂNCIULESCU, Adelaida, BACIVAROV, Ioan · IJISC, Dec 24, 2025), 1 fact
  reference: CISA published guidance for software supply chain incident response in 2025.
Cyber Insights 2025: Open Source and Software Supply Chain ... (securityweek.com, SecurityWeek, Jan 15, 2025), 1 fact
  claim: The United States government encourages open source software security through the implementation of Software Bill of Materials (SBOMs) and the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design initiative.
State of the Software Supply Chain Report | 10 Year Look - Sonatype (sonatype.com, Sonatype), 1 fact
  reference: The following regulations and frameworks have impacted the software supply chain between 2014 and 2025: The Cyber Supply Chain Management and Transparency Act 2014 (Royce bill), The European Union General Data Protection Regulation (GDPR) (2018), The California Consumer Privacy Act (CCPA) (2020), Cybersecurity Maturity Model Certification (CMMC) (2020), Executive Order 14028 (2021), BSI Update (Germany, 2021), The European Union Agency for Cybersecurity (ENISA) (2021), The Network and Information Systems Directive (NIS2 Directive) (2023), The Digital Operational Resilience Act (DORA) (2023), Secure by Design (2023), Self-attestation (2023), Security through Integrated Economic Measures (2023), The CISA Cybersecurity Strategic Plan (2023), The Cyber Resilience Act (2024), Product Liability Directive (PLD) (2024/2025), and The Association of Southeast Asian Nations (ASEAN) (2025).