Software companies that sell commercial software products to federal agencies must soon begin attesting to their compliance with guidance designed to enhance the security of the software supply chain. Under a new White House Office of Management and Budget (OMB) memorandum issued September 14, federal agencies must require software “producers” (i.e., the developers of software) to confirm their compliance with specific guidance created by the National Institute of Standards and Technology (NIST). The OMB memorandum implements the software supply chain enhancements first suggested under Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, on which we’ve previously commented.