The Biden White House has released a new cybersecurity executive order outlining guidelines for software supply chain security, including the suggestion that federal agency CIOs start requiring documentation of secure development and software bills of materials (SBOMs).
In a memo sent to the heads of executive departments and agencies, the White House Office of Management and Budget outlines supply chain cybersecurity best practices established by the National Institute of Standards and Technology (NIST), which would recommend a full software inventory assessment, collecting statements from each outside software vendor that its products conform to the NIST supply chain security framework, and a requirement for SBOMs when purchasing new software.
“As agencies develop requirements that include the use of new software, they must request confirmation that the software producer utilizes secure software development practices,” the OMB memo said. “This could be accomplished through specification of these requirements in the Request for Proposal (RFP) or other solicitation documents, but regardless of how the agency ensures compliance, the agency must ensure that the company implements and attests to the use of secure software development practices consistent with NIST Guidance, throughout the software development lifecycle.”
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.