CHAPTER 8
Existing and Emerging Government Guidance
In this chapter, we will discuss existing and emerging publications addressing software supply chain security from governmental and public sector organizations. These publications build on existing commercial guidance that we discussed in the previous chapter and account for some of the unique requirements of the Department of Defense (DoD), U.S. Federal Civilian Executive Branch (FCEB) agencies, and the National Security Agency (NSA), among others.
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
The National Institute of Standards and Technology (NIST) first released Special Publication (SP) 800-161 in April 2015 as "Supply Chain Risk Management Practices for Federal Information Systems and Organizations"; Revision 1, published in May 2022, retitled it "Cybersecurity Supply Chain Risk Management (C-SCRM) Practices for Systems and Organizations." As with many other resources discussed throughout this book, the Cybersecurity Executive Order (EO) 14028 drove that update. Sections 4(b), 4(c), and 4(d) of the EO focus specifically on software supply chain security, and NIST's response to them appears as SP 800-161 Revision 1 Appendix F, "Response to Executive Order 14028's Call to Publish Guidelines for Enhancing Software Supply Chain Security." Rather than embed the guidance within the broader 800-161 document, NIST published it online as a stand-alone resource (www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains ...