CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain

Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry best practices and principles, including managing open source software and software bills of materials (SBOM), to maintain and provide awareness about the security of software.

Organizations can use this guide to assess and measure their security practices relative to the software lifecycle; the suggested practices may be applied across the acquisition, deployment, and operational phases of a software supply chain.

CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain

Please share your thoughts

CISA Releases Two Industrial Control Systems Advisories

CISA Releases Three Industrial Control Systems Advisories

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain

Please share your thoughts

Related Advisories

CISA Releases Two Industrial Control Systems Advisories

CISA Releases Three Industrial Control Systems Advisories

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity