NSA Releases Recommendations to Mitigate Software Supply Chain Risks – National Security Agency

Official websites use .gov
Secure .gov websites use HTTPS

FORT MEADE, Md. – In response to an increase in cyberattacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain, with a focus on and some additional guidance for National Security Systems (NSS).
 
Effective Software Bill of Materials (SBOM) management leverages identification of software components to mitigate cyber risk and support improved cybersecurity throughout the software’s lifecycle. According to the CSI, SBOM management should proceed in three steps. First, examine and manage risk before acquiring software. Second, analyze vulnerabilities after deploying new software. Third, implement incident management to detect and respond to new software vulnerabilities during vital operations.
 
“As Software Bills of Materials become more integral to Cybersecurity Supply Chain Risk Management standards, best practices will become critical to ensuring efficiency and reliability of the software supply chain,” said Rob Joyce, NSA Cybersecurity Director and Deputy National Manager for the National Security System (NSS). “Network owners and operators we work with count on NSA to advise them on shoring up their defenses.  These guidelines provide the information they need to select the appropriate tools to reduce an organization’s overall risk exposure.”
 
This guidance includes recommended SBOM tool management functionality that supports the Director of the NSA in his role as the National Manager for National Security Systems, namely to provide better Cybersecurity Supply Chain Risk Management (C-SCRM) for NSS owners and operators. The CSI encourages NSS owners to implement a robust C-SCRM SBOM management strategy that ensures the authenticity, integrity, and trustworthiness of software products.
 
The CSI’s contents draw from NSA sources and analysis, as well as NSA’s partners, including the National Institute of Standards and Technology, the Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency, the National Telecommunications and Information Administration, and the larger cybersecurity community.
 
Read the full report here.
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
Civil Liberties, Privacy, & Transparency Office

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *