CISA has released a guide to enhance how organizations evaluate software manufacturers’ security practices, emphasizing product security over enterprise security measures for defending against cyber threats.