This is a voluntary pledge focused on enterprise software products and services, including on-premises software, cloud services, and software as a service (SaaS).
The pledge is structured with seven goals. Each goal has the core criteria which manufacturers are pledging to work towards, in addition to context and example approaches to achieve the goal and demonstrate measurable progress. To enable a variety of approaches, software manufacturers participating in the pledge have the discretion to decide how best they can meet and demonstrate the core criteria of each goal. Demonstrating measurable progress across the manufacturer’s products can take a variety of forms — such as by taking action on all the manufacturer’s products, or by choosing a set of products to first address and publishing a roadmap for other products.
This pledge seeks to complement and build on existing software security best practices, including those developed by CISA, NIST, other federal agencies, and international and industry best practices. CISA continues to support adoption of complementary measures that advance a secure by design posture.