Federal agencies must “immediately” adopt guidance on software supply chain security as required under the May 2021 cybersecurity executive order, the Office of Management and Budget stated on Wednesday.
For government buyers, this means starting the process of putting the Secure Software Development Framework from the National Institute of Standards and Technology into practice. Under the framework, buyers are required to obtain attestations that software products conform to certain development best practices as a way of ensuring a secure software supply chain.
