Fwd: [sw.assurance] REGISTER | NIST Workshop: EO 14028 - Enhancing Software Supply Chain Security


John Scott

Oct 27, 2021, 3:11:32 PM
to mil...@googlegroups.com

On October 27, 2021 at 1:01:35 PM, 'Boyens, Jon M. (Fed)' via sw.assurance (sw.ass...@list.nist.gov) wrote:




Cybersecurity Insights

Registration is now OPEN! Workshop on EO 14028 – Guidelines for Enhancing Software Supply Chain Security Including Standards, Procedures, & Criteria

Join NIST at our upcoming workshop on November 8, 2021 at 1:00 PM EST as we share and discuss the approach that NIST is taking to support Section 4e of the President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021. This EO charged multiple agencies – including NIST– with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.

NIST recently released Draft Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. The SSDF is a set of fundamental, sound practices for secure software development based on established standards and guidelines produced by various organizations. The SSDF directly addresses several practices that were called out in Section 4e—and provides a starting point for discussing other practices that Section 4e specifies. To support this important discussion, NIST is soliciting input about the types of meaningful artifacts of secure software development that software producers can share publicly in the form of self-declaration and attestation. 

This workshop aims to bring together experts with different viewpoints to share their insights on producing and sharing artifacts of secure software development tools and processes, as well as on attesting to following specific secure software development practices. Speakers from NIST and the private sector will discuss the EO and cover topics such as: the NIST SSDF; self-declaration and attestation; generating and sharing process and tool artifacts; criteria and attestation approaches for code provenance; and vulnerability disclosure programs—topped off by a facilitated Q&A with our lineup of interesting speakers.

Register Now!



View this message at https://list.nist.gov/sw.assurance