Software supply chain welcomes Biden memo on cybersecurity

The Biden administration has shared a memo requiring agencies to comply with guidance to improve the security and interests of the US software supply chain

The White House has shared a memo requiring agencies to comply with guidance from the Office of Management and Budget (OMB) to improve the security and integrity of the software supply chain.

The new guidance will require agencies to follow secure development practices from the National Institute of Standards and Technology (NIST), a physical sciences laboratory and non-regulatory agency of the US Department of Commerce.

The memo, signed by OMB Director Shalanda Young, is headlined ‘Enhancing the Security of the Software Supply Chain through Secure Software Development Practices’.

In it Young says: “The Federal Government relies on information and communications technology products and services to carry out critical functions.

Global supply chains facing 'relentless criminal threat'

“The global supply chain for these technologies faces relentless threats from nation state and criminal actors seeking to steal sensitive information and intellectual property, compromise the integrity of government systems, and conduct other acts that impact the government’s ability to safely and reliably provide services to the public.”

The executive order (EO) that the DoJ is urging compliance with focuses on the security and integrity of the software supply chain, and emphasises the importance of secure software development environments.

In the memo, Young goes on to say: “Ensuring software integrity is key to protecting Federal systems from threats and vulnerabilities and reducing overall risk from cyber-attacks.

“The NIST guidance provides recommendations to federal agencies on ensuring that the producers of software they procure have been following a risk-based approach for secure software development.

“Federal agencies must only use software provided by software producers who can attest to complying with the government-specified secure software development practices, as described in the NIST Guidance.” 

Supply chain & cybersecurity sectors welcome memo

In supply chain and cybersecurity there has been a generally positive reaction to the memo. 

Sam Curry, Chief Security Officer with Cybereason, posted: “Yesterday’s Office of Management and Budget memo is an indication that the government is taking supply chain risk seriously and beginning to tackle this enormous problem. 

“What matters now is how we build on this. There is no one requirement or one thing that will make it all alright. Security is about building on what is laid down and about the rate of improvement. This says that the government is in the game, and it’s time to get the innovation started.”

According to RKVST, a leading provider of supply chain integrity, transparency and trust, it’s a step in the right direction to distributing secure supply chain information. 

Jon Geater, Chief Product and Technology Officer at RKVST, said: “We applaud the White House for its commitment to a modern strategy for cybersecurity in the US.

“The memo sets out guidance and timelines for government agencies to comply with the EO and underscores the importance of tools that securely distribute software supply chain information among all relevant stakeholders and attest to the provenance and integrity of software in critical use cases.”
