Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

White House Reminds Agencies to Adopt NIST’s Software Supply Chain Security Framework

The Office of Management and Budget pressed federal agencies on a deadline to adopt the software supply chain best practices as directed under last year’s White House cybersecurity executive order.

Federal agencies must “immediately” adopt guidance on software supply chain security as required under the May 2021 cybersecurity executive order, the Office of Management and Budget stated on Wednesday.

For government buyers, this means starting the process of putting the Secure Software Development Framework from the National Institute of Standards and Technology into practice. Under the framework, buyers are required to obtain attestations that software products conform to certain development best practices as a way of ensuring a secure software supply chain.

“Federal agencies must begin to adopt the SSDF and related guidance effective immediately, tailoring it to the agency’s risk profile and mission, the agency said in a March 7 statement on “enhancing the security of federally procured software”.

OMB is also collecting comments on implementation of the NIST framework before tasking agencies with undertaking some of the activities described in the framework.

“OMB understands vendor attestation of secure software development practices has significant implications for vendors and service providers supporting delivery. As a result, OMB will engage with the private sector on how best to implement this requirement before directing agencies to require an attestation,” the statement reads.

Per the executive order, the software supply chain security requirements extends to new acquisitions and legacy software that comes up for renewal, although waivers are available. 

The development best practices named by NIST include but aren’t limited to using secure development environments, using multi-factor authentication and risk-based authentication across the developer enterprise, encrypting data, and having a system in place on the developer side to log and respond to cyber incidents.

The SSDF push was launched by NIST in 2019 to provide guidance for the software industry, but it was also included as a requirement in the Biden administration’s cybersecurity executive order. NIST issued guidance for government buyers in early February, and now OMB is asking agencies to get on board with the plan and to submit comments on implementation.

OMB is seeking comment on six implementation questions to get ideas on how federal agencies can best obtain attestations covering software being procured and whether those attestations need to come from the original developer, another purchaser or a third-party. 

OMB wants responses from stakeholders by March 18. The agency will also host a public workshop on March 23 about implementation of the SSDF framework. 

Source: https://www.nextgov.com/cybersecurity/2022/03/white-house-reminds-agencies-adopt-nists-software-supply-chain-security-framework/362943/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Cyber Security

Malware leveraging flaws in edge routers has been spying on military contracting websites, according to research from Lumen’s Black Lotus Labs. Malware leveraging flaws...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO