Search
Login
Registration and sponsorships are now open for the Fifth Annual Six Five Summit June 11-13! Click here for more details

Upcoming Federal Cybersecurity Guidance Likely to Address Software Supply Chain Concerns

The News: A top federal cybersecurity official recently indicated that the Office of Management and Budget is preparing new cybersecurity guidance for federal agencies to be released in the coming weeks. The forthcoming requirements seem likely to focus on software supply chain concerns. Read more from NextGov here.

Upcoming Federal Cybersecurity Guidance Likely to Address Software Supply Chain Concerns

Analyst Take: During a recent NextGov event, Steven Hernandez, a top federal cybersecurity official, revealed that a new mandate on software supply chain security is in the works at the Office of Management and Budget. The federal cybersecurity guidance will help agencies understand the provenance of any software that is used on government networks and hold vendors accountable for its security, Hernandez indicated. New guidelines are expected to be released within the next few weeks.

An executive order in May 2021 established the National Institute for Standards and Technology’s Secure Software Development Framework, which is likely to be strengthened and reinforced by the new federal cybersecurity policy guidelines. The framework aims to address software supply chain concerns by requiring key information from vendors, and upcoming guidance may include third-party verification of vendor information among other updates to existing federal cybersecurity practices.

Software Supply Chain Concerns in Federal Cybersecurity

In the wake of the 2020 SolarWinds hacking incident and recent attention to critical vulnerabilities in log4j, an open-source software library, federal cybersecurity concerns have driven an increase in new policies and requirements for agencies and their vendors. Cyber supply chain risk management is a key aspect of federal cybersecurity, and guidance has previously focused on ensuring the security of software through the supply chain by maintaining inventories of software programs and the provenance of the code contained within. This is known as the Software Bill of Materials (or SBoM), and future guidance is expected to require SBoM information from vendors in a machine-readable format to allow for streamlined responses to incidents or vulnerabilities.

Advancement in federal cybersecurity practices is always good news, as the ability for federal agencies to work quickly and securely is vital to national security. It’s safe to say that no one wants to see another SolarWinds incident or malicious data breach that compromises the functionality of our federal agencies or private firms. As technology advances, federal cybersecurity efforts must keep pace in identifying and eliminating vulnerabilities before they result in unforeseen consequences. I look forward to the release of the OMB’s new guidelines and will be following the story as it develops.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.

Other insights from Futurum Research:

Making Markets EP25: Poly CEO Dave Shull on Q3, Supply Chain Strain, Service Pivots and The Future of Collaboration

IBM Deepens Its Commitment To Blockchain As Part of New Supply Chain Partnership

The SolarWinds Hack, Clubhouse, Vulnerable Agora SDKs, Microsoft — Some Cybersecurity News You May Have Missed this Week – Futurum Tech Webcast

Image Credit: NextGov

Author Information

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”

SHARE:

Latest Insights:

CHIPs Act Update: US Secures Domestic Production of Advanced Chips
Olivier Blanchard

CHIPs Act Update: US Secures Domestic Production of Advanced Chips

TSMC, Samsung, and Intel All Announced Agreements
Olivier Blanchard, Research Director at The Futurum Group, shares his insights on the geopolitical, market, and supply chain implications of finally securing domestic semiconductor chip production.
BMC Scoops Up Netreo for Big Buy in IT Monitoring and Management
Steven Dickens

BMC Scoops Up Netreo for Big Buy in IT Monitoring and Management

The Strategic Acquisition of Netreo by the Global Software Solutions Leader Has the Potential to Reshape the Future of IT Monitoring and Management
Discover insights from Steven Dickens, Vice President and Practice Lead at The Futurum Group, on how BMC's strategic acquisition of Netreo will shape the future of IT monitoring and management.
Bitcoin in the Dynamic Investment Landscape
Steven Dickens

Bitcoin in the Dynamic Investment Landscape

April 19 ‘Halving’ and New ETFs May Alter the Finance Ecosystem
Steven Dickens, VP and Practice Leader at The Futurum Group, highlights that as Bitcoin has introduced spot Bitcoin ETFs and experiences its fourth halving, it continues to redefine the financial landscape.
IBM Invests in Canadian Cloud Sovereignty
Steven Dickens and Sam Holschuh

IBM Invests in Canadian Cloud Sovereignty

Unveiling the Montreal Multizone Region
Steven Dickens, Vice President and Practice Lead, and Sam Holschuh, Analyst, at The Futurum Group share their insights on IBM’s strategic investment in Canadian cloud sovereignty with the launch of the Montreal Multizone Region.
Functional Groups & Business Units
Practice Areas
Services
News and Insights
Media
Connect
Linkedin Youtube Facebook
The Futurum Group

(833) 722-5337

501 West Ave.
Suite 2102
Austin TX 78701

© 2024 The Futurum Group. All rights reserved. Privacy Policy | Terms & Conditions

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence
Login to Futurum Labs Research Library