The effect of President Biden’s security order on web application providers


Want to sell your web applications to US government agencies? We have bad news and good news. The bad news is that President Biden just made it difficult for you. The good news is that Acunetix® can make it easier for you.

The SolarWinds breach has reminded the US government that everything is connected. In the real world, your safety is not just about you. If a business creates a web application, its security depends on the security of every partner in the chain. This means every library it uses and every piece of software the app is built on.

All of these things are interconnected, and a security failure in any of them can ultimately have consequences for the delivered product. As a result of this awareness, and in the wake of the Colonial Pipeline attack, President Biden called on government agencies to prioritize their cybersecurity, including the cybersecurity of every third-party software and hardware product they use.

Executive Order on Improving the Nation’s Cybersecurity

On May 12, the White House issued a new executive order called the Executive Order on Improving the Nation’s Cybersecurity. This order places very high expectations on all agencies of the US federal government. In most cases, agencies have only 60 days (until July 11, 2021) to create and document new processes and procedures.

These procedures will make it harder for software developers to be selected as third-party vendors. Basically, you will have to meet very strict cybersecurity standards if you want to sell anything to the US government. And you will have to be able to prove it.

“Gradual improvements will not give us the security we need; instead, the federal government must make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”

An incredible opportunity for you

As part of this order, government agencies will also have to reassess their current IT solutions. This means that many existing solutions will not meet the required cybersecurity standards and will need to be replaced soon.

“Protecting our nation from malicious cyber actors requires the federal government to partner with the private sector.”

This represents an incredible opportunity for application builders, especially builders of web applications, to differentiate themselves from their competition by providing proactive and solid proof that their web applications meet strict security standards.

“The security of software used by the federal government is vital to the federal government’s ability to perform its critical functions. Commercial software development often lacks transparency, sufficient focus on the software’s ability to resist attacks, and adequate controls to prevent tampering by malicious actors.”

This is where Acunetix comes in.

How to beat your competition

The federal government recognizes that vulnerabilities are one of the most common entry points for a security breach. They also know that there are automated tools, such as Acunetix, that can help find and remove these vulnerabilities.

“Within 90 days of publication (…) the Secretary of Commerce acting through the Director of NIST (…) will issue guidelines identifying practices that enhance the security of the software supply chain. (…) These guidelines must include standards, procedures or criteria concerning: (…) employing automated tools, or comparable processes, which check for known and potential vulnerabilities and correct them, which operate regularly, or at least before the release of the product, version or update.”

President Biden’s order makes it clear that government agencies are expected to require their vendors (you) to use automated tools that check for known and potential vulnerabilities. In the case of web vulnerabilities, that obviously means a web vulnerability scanner. The order also clearly favors tools that can run regularly, like Acunetix, which is designed to be integrated into the SDLC and therefore protects your software as early as possible, not just at the minimum point of “before the release of the product, version or update”.

“The federal government will use all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities (…).”

How to gain an advantage with Acunetix

You may ask yourself: why Acunetix in particular? What advantage do I have with Acunetix over my competitors who might use other products?

Here are some arguments:

  • Acunetix is the first and most recognized web vulnerability scanner on the market. Product history and stability are important assessment factors for government agencies.
  • Acunetix is provided by Invicti, a US-based specialty company that focuses entirely on web application security, unlike most of its competitors.

Currently, Acunetix provides you with several compliance reports suitable for federal agencies, including:

  • NIST Special Publication 800-53 report, which covers recommended security and privacy controls for federal information systems and organizations.
  • DISA STIG Web Security report – a Security Technical Implementation Guide (STIG) is a software and hardware configuration guide defined by the Defense Information Systems Agency (DISA), which is part of the US Department of Defense.

Tomasz Andrzej Nidecki
Technical content writer

Tomasz Andrzej Nidecki (also known as tonid) is a technical content writer working for Acunetix. Journalist, translator and technical writer with 25 years of IT experience, Tomasz was editor-in-chief of hakin9 IT Security magazine in its early days and used to run a large technical blog dedicated to email security.
