CISA, the National Security Agency (NSA) and the Office of the Director of National Intelligence (ODNI) released the “Securing Software Supply Chain Series – Recommended Practice Guide for Customers” in November. The release is the last of a three-part series on securing the software supply chain.
Many of the major cyber-attacks resulting in breaches that we have seen in the past year have been due to third-party software that houses sensitive information about its customers’ environments. To help mitigate this issue, CISA, NSA, and ODNI have released guidance for developers, suppliers, and customers of the software supply chain.
The most recent of the three, aimed at customers, reviews a recommended process from acquisition, through deployment, to end of life. It also outlines many threat scenarios along with recommended mitigations. The publication is a great resource for IT departments! This government-backed publication can be referenced by teams that are attempting to implement more secure processes but are receiving pushback.