CISA

The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report providing guidance on industry best practices on open source software and software bills of materials (SBOM). […]

Army

The U.S. Army is looking to the private sector for ideas on proactive monitoring and critical vulnerability mitigation to shore up its software supply chain and improve the security of its thousands of software components and third-party libraries, principally through Software Bills of Material processes. […]

The Fiscal Year (FY) 2023 National Defense Authorization Act (NDAA) bill released by the House Rules Committee late Tuesday evening features legislation approved by the House in September to codify into law and update the Federal Risk and Authorization Management Program (FedRAMP). […]

Tech-sector trade group Alliance for Digital Innovation (ADI) sent a letter to the House and Senate Armed Services committees on Oct. 20 asking lawmakers to reconsider a provision in the forthcoming national defense policy bill that would require vendors to provide a software bill of materials (SBOM) on the technology they provide government agencies. […]

CISA

Collaborating with private entities is a sure way to improve the security of open source software, said Allan Friedman, the senior advisor and strategist for the Cybersecurity and Infrastructure Security Agency (CISA), during day two of the Billington CyberSecurity Summit. […]

Federal agencies need to adjust their cyber threat scanning protocols to ensure they are getting a full-scope analysis of possible risk factors within their networks, and are not just scratching the surface on risks, officials from the State Department said on August 11 at an event organized by Federal News Network. […]

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal Register post published today. […]

Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today. […]

In the wake of the discovery and remediation efforts surrounding the Log4shell vulnerability in the Apache library that contains Log4j, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]

supply chain

The Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force has met for the first time this calendar year, and designated work on a software bill of materials (SBOM) as one of its primary priorities for 2022, according to a Jan. 11 press release. […]

Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]

A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]

supply chain

The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]

The House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations today released a report identifying core strategies to address and prevent cybersecurity incidents. After gathering input through hearings, briefings, reports, and roundtables, the subcommittee developed six specific priorities to create stronger protections against cyberattacks. […]
