Securing the Software Supply Chain: Recommended Practices Guide for Customers and accompanying Fact Sheet

Supported by CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence, the Enduring Security Framework Working Group (a cross-sector, public-private working group) developed a three-part series for securing the software supply chain. This final part of the series guides software customers through the procurement, testing, deployment, and patching process; it also includes much needed guidance for software bill of materials (SBOMs).