The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October 28, 2021. We previously discussed the release of the first draft here. The public comment period currently is open and concludes on December 3, 2021. NIST anticipates releasing a final version during the third quarter of 2022.
The Office of Management and Budget (“OMB”) released its draft Federal Zero Trust Strategy under President Biden’s Executive Order on Improving the Nation’s Cybersecurity (No. 14028) (discussed previously here and
Continue Reading Moving to Zero Trust – CISA and OMB Seek Comments on Zero Trust Publications and Cloud Security Technical Reference Architecture under Cybersecurity Executive Order
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13, 2021.
Continue Reading Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment
As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order. The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.
Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order