The Biden White Home has launched a brand new cybersecurity government order outlining pointers for software program provide chain safety, together with the suggestion that federal company CIOs begin requiring documentation of safe improvement and software program payments of supplies (SBOMs).
In a memo despatched to the heads of government departments and companies, the White Home Workplace of Administration and Funds outlines provide chain cybersecurity finest practices established by the Nationwide Institute of Requirements and Know-how (NIST), which might advocate a full software program stock evaluation, amassing statements from every exterior software program vendor that its merchandise conform to the NIST provide chain safety framework, and a requirement for SBOMs when buying new software program.
“As companies develop necessities that embrace the usage of new software program, they need to request affirmation that the software program producer makes use of safe software program improvement practices,” the OMB memo mentioned. “This could possibly be achieved by specification of those necessities within the Request for Proposal (RFP) or different solicitation paperwork, however no matter how the company ensures compliance, the company should be certain that the corporate implements and attests to the usage of safe software program improvement practices in step with NIST Steering, all through the software program improvement lifecycle.”
