Aqua Security’s new guidelines for supply chain security

Aqua Security, the leading pure-play cloud native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organization with a mission to create confidence in the connected world, today released the industry’s first formal guidelines for software supply chain security.

Developed through collaboration between the two organisations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms. In addition, Aqua Security unveiled a new open source tool, Chain-Bench, which is the first and only tool for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Establishing Best Practices for Software Supply Chain Security

Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. The new guidelines establish general best practices that support key emerging standards like Supply Chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF) while adding foundational recommendations for setting and auditing configurations on the Benchmark-supported platforms.

Within the guide, recommendations span five categories of the software supply chain: Source Code, Build Pipelines, Dependencies, Artifacts, and Deployment.

CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms. As with all CIS guidance, the guide will be published and reviewed globally. Feedback will help ensure that future platform-specific guidance is accurate and relevant.  

“By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come,” said Phil White, Benchmarks Development Team Manager for CIS. “Any subject matter experts that develop or work with the technologies and platforms that make up the software supply chain are encouraged to join the effort in building out additional benchmarks. Their expertise will be valuable to establishing critical best practices to advance software supply chain security for all.”

To date, the guide has been reviewed by experts at CIS, Aqua Security, Axonius, PayPal, CyberArk, Red Hat and other leading technology firms. 


Media contact 

Rebecca Morpeth Spayne, 

Editor, Security Portfolio 

Tel: +44 (0) 1622 823 922
