Check out AI Discovery, the latest addition to the Legit platform. Read the press release now →

Platform
header mobile nav icon
Platform
Platform - Capabilities -
warranty-badge-highlight 1
ASPM

Legit Security - Navbar Icon - Compliance Attestation & Reporting
Compliance Attestation & Reporting

- Features -
Legit IconAI Discovery
AI Discovery

Legit IconCISA Attestation
CISA Attestation

- Integrations -
Legit Security - Navbar Icon - Integrations
Integrations

Modules
Legit For Secret Scanning Nav Icon 2024 - Very Light Purple
Secret Scanning

Use Cases
header mobile nav icon
Use Cases
dashboard-3 1
Vulnerability Management

Legit For Secret Scanning Nav Icon 2024 - Very Light Purple
Secrets Scanning

shield-check 1
Compliance

warranty-badge-highlight 1
Secure SDLC & Software Supply Chain Security

Customers Company
header mobile nav icon
Company
book icon primary 200
About Us

briefcase icon primary 200
Careers

message icon primary 200
In the News

Legit For Press Releases Nav Icon 2024 - Very Light Purple
Press Releases

calendar icon primary 200
Events

Resources
header mobile nav icon
Resources
squared pencil icon primary 200
Blog

bookmark icon primary 200
Resource Library

brackets icon primary 200
Open Source

Contact Us

CISA SSDF Attestation

CISA Attestation allows organizations to verify that they adhere to the NIST Secure Software Development Framework (SSDF) guidelines and comply with the controls described. Legit’s ensures you can validate your security program aligns with the four key areas of CISA Attestation.

CISA SSDF Attestation - Header v1

Executive Sign-Off on Software Security

Software security supply chain attacks have created a newfound sense of urgency in validating the efficacy of software security programs. To that end, the U.S. government enacted requirements that companies selling software to the government validate they meet the SSDF framework requirements. Senior executive sign-off – CEO or COO – is required as part of CISA Attestation.

CISA Focus: Secure Development Environment

  • Secrets Detection: Legit leverages AI and LLMs to discover and protect secrets across your entire SDLC.
  • Developer Identification & Permissions: Legit instantly shows collaborators, as well as permissions.
  • SDLC Visibility: Legit automatically and continuously discovers and maps all your developer tools and systems.
CISA Focus - Secure Development Environment

.png.png

CISA Focus: Secure Software Supply Chain

  • SDLC Hardening: Legit offers the most comprehensive policies and best practices for protecting all assets in a software factory.
  • SDLC Graph: Legit identifies how code progress through your pipelines for complete traceability in all your products.
  • Code to Cloud: Legit Instantly traces any issue found in production back to the code for easy and fast remediation.
CISA Focus - Secure Software Supply Chain

CISA Focus: Maintain Code and Artifact Provenance

  • Artifact Provenance: Legit delivers provenance records to verify and prove integrity of artifacts during the build process.
  • Complete Inventory: Legit tracks all resources used in development, build and production, including repos, container images, Kubernetes resources and more.
CISA Focus - Maintain Code and Artifact Provenance

CISA Focus: Check for Vulnerabilities

  • Single Source of Truth: Legit integrates existing security scan tooling to aggregate, prioritize and remediate all issues from a single platform.
  • Control Mapping: Legit provides complete visibility into where you have proper controls in place, as well as gaps, to support broader use of your existing tools.
  • Extended Risk Visibility: Legit extends vulnerability, misconfiguration, and risk identification into areas of the SDLC largely ignored by existing application security tools.
CISA Focus - Check for Vulnerabilities

Related Resources

  • Resources Library - Infographic - Overcoming the Compliance Challenges of AppSec v1
    infographics

    Overcoming the Compliance Challenges of AppSec Infographic

    Understand AppSec compliance challenges and how to address them.

    Read Now
  • How to Address CISA Attestation - Legit Security - Blog - Featured Image
    blogs

    How to Address CISA Attestation

    Get details on the CISA Attestation, how to address it, and how Legit can help.

    Read Now
  • Addressing CISA Attestation - Datasheet - Legit Security - Featured Image
    datasheets

    Addressing CISA Attestation

    Learn more about CISA attestation and how Legit policies map to its requirements.

    Read Now

Request a Demo

Request a demo including the option to analyze your own software supply chain.

Request a Demo