NIST Issues Guidance for Addressing Software Supply-Chain Risk

Published : 23/11/2024   Category : security




Amid ongoing software supply-chain jitters, the US standards body is offering a finalized, comprehensive cybersecurity control framework for managing that risk.



The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for addressing software supply-chain risk, offering tailored sets of suggested security controls for various stakeholders.
Software supply-chain attacks rocketed to the top of the enterprise worry list last year as the SolarWinds and Log4Shell incidents sent shockwaves through the IT security community. Security practitioners are increasingly concerned about the security of the open source components and third-party libraries that make up the building blocks of thousands of applications. Another cause for worry is the varied ways platforms can be abused, as in the Kaseya attack last year, when cybercriminals compromised a remote management application, or with SolarWinds, where they compromised an update mechanism to deliver malware.
NIST's latest publication (PDF) offers specific risk-management guidance for roles such as cybersecurity specialists, risk managers, systems engineers, and procurement officials. Each profile maps to a set of recommended controls, such as implementing secure remote-access mechanisms for reaching into the software supply chain, enforcing the principle of least privilege, or taking an inventory of all software suppliers and products.
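The inventory control named above is the one most readily turned into a script. The following is an added example, not code from NIST or from the article: it builds a supplier/product/version inventory from two constructed dependency manifests (a pip requirements file and an npm lockfile fragment), deduplicates entries, and summarizes them per supplier. It also flags dependencies without an exact pinned version, a check the article does not discuss but one an inventory owner needs, since such an entry cannot be tied to a single product version. Mapping a package to a "supplier" by its registry host or index is an illustrative assumption; a production inventory should take vendor identity from authoritative metadata.

```python
"""Build a supplier/product inventory from dependency manifests.

Added example (not from NIST SP 800-161 or the article). Supplier is
inferred from the package index or the host in the resolved URL, which
is an assumption made here for illustration only.
"""
import json
import re
from collections import Counter

# Constructed sample inputs: a pip requirements file and an npm lockfile
# (lockfileVersion 3 "packages" map) for a hypothetical "demo-app".
REQUIREMENTS_TXT = """\
# runtime deps
requests==2.31.0
urllib3>=1.26      # range, not an exact pin
cryptography==41.0.7
pyyaml
"""

PACKAGE_LOCK_JSON = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
        "node_modules/@scope/widget": {
            "version": "2.3.1",
            "resolved": "https://registry.npmjs.org/@scope/widget/-/widget-2.3.1.tgz"},
        "node_modules/leftpad": {
            "version": "0.0.1",
            "resolved": "https://mirror.internal.example/leftpad-0.0.1.tgz"},
    },
})

# name, optionally followed by an exact "==" pin; other specifiers are not pins
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==\s*([^\s#]+))?")


def parse_requirements(text):
    """Return inventory rows for a pip requirements file."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            continue
        name, pinned = m.group(1).lower(), m.group(3)
        rows.append({"ecosystem": "pypi", "supplier": "pypi.org",
                     "product": name, "version": pinned,
                     "pinned": pinned is not None})
    return rows


def parse_package_lock(text):
    """Return inventory rows for an npm lockfile; lockfiles always pin exactly."""
    lock = json.loads(text)
    rows = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue                         # root project, not a dependency
        name = path.split("node_modules/")[-1]   # handles nested and scoped names
        resolved = meta.get("resolved", "")
        host = re.sub(r"^https?://", "", resolved).split("/", 1)[0] if resolved else "unknown"
        rows.append({"ecosystem": "npm", "supplier": host, "product": name,
                     "version": meta.get("version"), "pinned": True})
    return rows


def build_inventory(*row_lists):
    """Merge rows, dedupe on (ecosystem, product, version), sort by supplier then product."""
    seen = {}
    for rows in row_lists:
        for r in rows:
            seen.setdefault((r["ecosystem"], r["product"], r["version"]), r)
    return sorted(seen.values(), key=lambda r: (r["supplier"], r["product"]))


def supplier_summary(inventory):
    """Count products per supplier."""
    return Counter(r["supplier"] for r in inventory)


def unpinned(inventory):
    """Products whose version cannot be tied to a single release."""
    return [r["product"] for r in inventory if not r["pinned"]]


if __name__ == "__main__":
    inv = build_inventory(parse_requirements(REQUIREMENTS_TXT),
                          parse_package_lock(PACKAGE_LOCK_JSON))
    for r in inv:
        print(f'{r["supplier"]:28} {r["ecosystem"]:5} {r["product"]:15} {r["version"]}')
    print("per supplier:", dict(supplier_summary(inv)))
    print("unpinned:", unpinned(inv))
```

Running it prints seven rows across three "suppliers"; the internal mirror stands out immediately, which is the sort of question (who actually supplies this artifact?) the inventory control exists to raise. Extending it to real projects means adding parsers for each manifest type in use and replacing the host-based supplier guess with vendor data from procurement records.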
"Managing the cybersecurity of the supply chain is a need that is here to stay," said NIST publication author Jon Boyens in a Thursday announcement. "If your agency or organization hasn't started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately."
The development follows from an Executive Order issued by President Biden last year, which directs government agencies to improve the security and integrity of the software supply chain, with a priority on addressing critical software.
