Procurement standards
Biden Administration Seeks to Secure Commercial Software With New Regulations
Commercially produced software will be subject to new procurement and security regulations, according to a White House announcement. The move is in line with the Executive Order on Improving the Nation’s Cybersecurity enacted in 2021 by President Joe Biden.
According to an Office of Management and Budget spokesperson, the National Institute of Standards and Technology’s Secure Software Development Framework will serve as the basis for the standards to be implemented. SSDF outlines safe practices throughout the software development cycle, including methods for securing environments and maintaining records for all software release components, FCW reported Friday.
A cybersecurity fact sheet released by the White House earlier in October outlined, among other things, a new drive to leverage federal procurement powers to protect private sector software. The document also describes an executive branch initiative aimed at establishing a product labeling system for internet of things products.
Labels on devices and software are meant to prove that contractors are abiding by government security standards.
Stakeholders see the White House announcement as a step toward the adoption of software bills of materials, which are lists of components that aid in determining products’ susceptibility to exploits.
Chris Wysopal, founder and chief technology officer of Veracode, told FCW that SBOMs enable companies, contractors and agencies to evaluate the source code of software they build, use or intend to purchase.