Aqua Security, the pure-play cloud native security provider, has announced that it is the only enterprise-grade vendor providing software supply chain security attestation to meet the requirements of Executive Order (EO) 14028. The Executive Order on Improving the Nation’s Cybersecurity lists all the software supply chain requirements that third-party software companies must meet or exceed to enhance the nation’s cybersecurity and protect the nation from malicious cyber actors.
Following EO 14028, in September 2022, a memo titled "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices" was released, listing the effective dates for agencies to ensure that the software they are procuring (and have previously procured) is compliant with the EO.
Aqua Security said that its Software Supply Chain Security is the only end-to-end solution that ensures protection across the entire software development lifecycle and will enable software providers to meet and attest to the EO requirements. The solution helps companies to complete compliance requirements within a month of deployment and includes the reporting and management capabilities for initial and ongoing compliance attestation.
Specifically, the Aqua Solution ensures compliance with EO 14028 by:
- Ensuring secure configuration of development environments with accompanying attestation (sections 4e i-ii)
- Ensuring sources of code are trusted and that code vulnerabilities have been remediated with accompanying attestation (sections 4e iii-v)
- Maintaining provenance data for internal and third-party code and having an SBOM for each released product (sections 4e vi-vii)
- Maintaining secure development processes with accompanying attestation (section 4e ix)
- Maintaining data integrity and provenance of open source software in use with accompanying attestation (section 4e x)