Hello, Guest!

Cybersecurity

GSA Official Says Identifying Critical Software Essential in Securing Cyber Supply Chain

Software security

GSA Official Says Identifying Critical Software Essential in Securing Cyber Supply Chain

The commissioner of the General Services Acquisition‘s Federal Acquisition Service said the federal IT community must focus on identifying critical software components as it works to address supply chain risks.

Speaking at the ACT-IAC’s Imagine Nation ELC event, Sonny Hashmi said organizations must work to identify code that may impact national security even as the definition of critical software continues to change. He stated that although the National Institute of Standards and Technology has yet to finalize the definition of what critical software is, users must think of the solutions they deploy as if they were critical software, FedScoop reported Tuesday.

The FSA commissioner’s comments come as GSA, NIST and the Cybersecurity and Infrastructure Security Agency continue to develop cyber supply chain guidance for vendors.

CISA is working with the Office of Management and Budget to create a form that departments will use to prove that their software vendors have attested that their technologies meet NIST guidelines. The form is part of cybersecurity guidelines issued by the Biden administration in September.

Following the release of President Joe Biden’s cybersecurity executive order in May 2021, the NIST defined critical software as any solution that is designed to run with elevated privilege, has direct or privileged access to networking or computing resources, is designed to control data or operational technology access, performs a function critical to trust or operates outside of normal trust boundaries with privileged access. NIST said this initial definition would apply to all software forms that are used for operational purposes.

Some software categories that NIST listed as critical are identity, credential and access management; operating systems; container environments; network control and protection; and remote scanning.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Posted on by Lawrence Carter

Category: Cybersecurity

Tags: critical software cybersecurity Cybersecurity and Infrastructure Security Agency Federal Acquisition Service FedScoop General Services Administration National Institute of Standards and Technology Sonny Hashmi supply chain security

Related Articles

Coast Guard Report Highlights Common Cybersecurity Trends Affecting Maritime Transportation System

Coast Guard Report Highlights Common Cybersecurity Trends Affecting Maritime Transportation System

April 19, 2024

 Timothy Haugh: New CYBERCOM Task Force to Deploy AI in Cybersecurity

Timothy Haugh: New CYBERCOM Task Force to Deploy AI in Cybersecurity

April 19, 2024

 NSA Releases Guidance on Secure Deployment of External AI Systems

NSA Releases Guidance on Secure Deployment of External AI Systems

April 17, 2024