Defending Against Software Supply Chain Attacks

This resource, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber SCRM (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks. It also provides in-depth recommendations and key steps for prevention, mitigation, and resilience of software supply chain attacks.