“New Pledge Challenges Software Manufacturers to Step Up Security Efforts in the Next Year”

Washington, D.C. – Software manufacturers are voluntarily committing to a pledge that focuses on enterprise software products and services and aims to enhance cybersecurity measures. The pledge excludes physical products such as IoT devices and consumer products but welcomes companies looking to demonstrate progress in those areas as well.

By participating in the pledge, software manufacturers promise to make a sincere effort to work towards specific goals over the next year. If measurable progress towards a goal is achieved, manufacturers should publicly document their success within one year of signing the pledge. Manufacturers who face challenges in making progress are encouraged to share their efforts with CISA within the same time frame. The pledge, while not legally binding, promotes transparency within the industry.

The pledge includes seven goals, each with core criteria for manufacturers to strive for, alongside example approaches to achieve these goals. Participating manufacturers have the flexibility to choose how they will meet and demonstrate the core criteria for each goal, allowing for a variety of approaches. Progress can be demonstrated in different ways, whether by acting on all products or by focusing on a subset of products initially and developing a roadmap for the others.

CISA recognizes and commends software manufacturers who already meet or exceed the goals outlined in the pledge. Manufacturers who fall into this category are encouraged to share their strategies for achieving these goals publicly. Additionally, CISA welcomes efforts from manufacturers to surpass the goals set in the pledge, further promoting cybersecurity within the industry.

The pledge serves as a complement to existing software security best practices, including those established by CISA, NIST, other federal agencies, and international industry standards. CISA continues to advocate for the adoption of additional measures that promote a secure design approach in cybersecurity practices.