What the White House Memo on Supply Chain Security Means for You
The security and integrity of technology supply chains is an issue that directly affects virtually every modern organization. Every organization naturally relies on technology, and vulnerabilities or threats within technology supply chains can allow adversaries to compromise that technology before it is ever delivered to the customer. Over the past year, the White House has taken repeated measures to make supply chain security a top priority for federal agencies, most notably with the release of Executive Order 14028, Improving the Nation’s Cybersecurity, in May of 2021. The order called for NIST to issue guidance regarding secure software development as well as supply chain security, and for the Office of Management and Budget (OMB to comply with those guidelines. NIST provided this guidance via SP 800-218, Secure Software Development Framework (SSDF) and the NIST Software Supply Chain Security Guidance. On September 14, 2022, the White House closed the loop by issuing memo M-22-18, which directs federal agencies to comply with the NIST guidance.