BOSTON—November 9, 2022—Aqua Security, the leading pure-play cloud native security provider, today announced that it is the only enterprise-grade vendor providing software supply chain security attestation to meet the requirements of Executive Order (EO) 14028. The Executive Order on Improving the Nation’s Cybersecurity lists out all the software supply chain requirements that third-party software companies must meet or exceed to enhance the nation’s cybersecurity and protect the nation from malicious cyber actors.
“This order has a vast impact on global software suppliers. If you sell to the government, or you sell to a company that sells to the government, you need to prove compliance,” explains Dror Davidoff, CEO and cofounder of Aqua Security. “As software supply chain attacks increase in sophistication and scale, the private sector must adapt its proactive cybersecurity measures. EO 14028 is a critical and bold step for the United States to help prevent cyber incidents.”
Following EO 14028, the memo “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices” was released in September 2022, listing the effective dates for agencies to ensure that the software they are procuring (and have previously procured) is compliant with the EO. Deadlines are as follows:
- By January 12, 2023 – Agency CIOs to communicate requirements to vendors
- By June 11, 2023 – Compliance attestation letters to be collected for critical software
- By September 14, 2023 – Compliance attestation letters to be collected for all software
Meeting EO and Software Bill of Materials (SBOM) Compliance with Aqua
Aqua Security’s Software Supply Chain Security is the only end-to-end solution that ensures protection across the entire software development lifecycle and will enable software providers to meet and attest to the EO requirements. The solution helps companies to complete compliance requirements within a month of deployment and includes the reporting and management capabilities for initial and ongoing compliance attestation. Specifically, the Aqua Solution ensures compliance with EO 14028 by:
- Ensuring secure configuration of development environments with accompanying attestation (sections 4e i-ii)
- Ensuring sources of code are trusted and that code vulnerabilities have been remediated with accompanying attestation (sections 4e iii-v)
- Maintaining provenance data for internal and third-party code and having an SBOM for each released product (sections 4e vi-vii)
- Maintaining secure development processes with accompanying attestation (section 4e ix)
- Maintaining data integrity and provenance of open source software in use with accompanying attestation (section 4e x)
“The clock is ticking—we are only 10 months away from the compliance deadline. Aqua is making it easy for software vendors to not only meet compliance requirements but also have the confidence that they can prevent software supply chain attacks,” said Davidoff.
Learn more about how Aqua Security can help you to comply with the EO and protect your software supply chain.
About Aqua Security
Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.