Upcoming Federal Cybersecurity Guidance Likely to Address Software Supply Chain Concerns

The News: A top federal cybersecurity official recently indicated that the Office of Management and Budget is preparing new cybersecurity guidance for federal agencies to be released in the coming weeks. The forthcoming requirements seem likely to focus on software supply chain concerns. Read more from NextGov here.

Upcoming Federal Cybersecurity Guidance Likely to Address Software Supply Chain Concerns

Analyst Take: During a recent NextGov event, Steven Hernandez, a top federal cybersecurity official, revealed that a new mandate on software supply chain security is in the works at the Office of Management and Budget. The federal cybersecurity guidance will help agencies understand the provenance of any software that is used on government networks and hold vendors accountable for its security, Hernandez indicated. New guidelines are expected to be released within the next few weeks.

An executive order in May 2021 established the National Institute for Standards and Technology’s Secure Software Development Framework, which is likely to be strengthened and reinforced by the new federal cybersecurity policy guidelines. The framework aims to address software supply chain concerns by requiring key information from vendors, and upcoming guidance may include third-party verification of vendor information among other updates to existing federal cybersecurity practices.

Software Supply Chain Concerns in Federal Cybersecurity

In the wake of the 2020 SolarWinds hacking incident and recent attention to critical vulnerabilities in log4j, an open-source software library, federal cybersecurity concerns have driven an increase in new policies and requirements for agencies and their vendors. Cyber supply chain risk management is a key aspect of federal cybersecurity, and guidance has previously focused on ensuring the security of software through the supply chain by maintaining inventories of software programs and the provenance of the code contained within. This is known as the Software Bill of Materials (or SBoM), and future guidance is expected to require SBoM information from vendors in a machine-readable format to allow for streamlined responses to incidents or vulnerabilities.

Advancement in federal cybersecurity practices is always good news, as the ability for federal agencies to work quickly and securely is vital to national security. It’s safe to say that no one wants to see another SolarWinds incident or malicious data breach that compromises the functionality of our federal agencies or private firms. As technology advances, federal cybersecurity efforts must keep pace in identifying and eliminating vulnerabilities before they result in unforeseen consequences. I look forward to the release of the OMB’s new guidelines and will be following the story as it develops.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.

Other insights from Futurum Research:

Making Markets EP25: Poly CEO Dave Shull on Q3, Supply Chain Strain, Service Pivots and The Future of Collaboration

IBM Deepens Its Commitment To Blockchain As Part of New Supply Chain Partnership

The SolarWinds Hack, Clubhouse, Vulnerable Agora SDKs, Microsoft — Some Cybersecurity News You May Have Missed this Week – Futurum Tech Webcast

Image Credit: NextGov

Author Information

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”


Latest Insights:

Cisco and Intel Bolster Their Ability to Accelerate Private 5G Worldwide by Giving Partners and Customers Access to Three New Innovation Centers
The Futurum Group’s Ron Westfall examines why the expansion of Cisco’s collaboration with Intel can accelerate global private 5G implementations as partners and customers can access three new innovation centers.
Rami Rahim, CEO at Juniper Networks, joins Daniel Newman to share his insights on AI-native networking and its significant impact on the industry, offering a glimpse into Juniper’s innovative approach and future prospects.
A Comprehensive List of Qualcomm’s Most Relevant Generative AI Announcements at Mobile World Congress Barcelona 2024
Olivier Blanchard, Research Director at The Futurum Group, discusses Qualcomm’s latest on-device generative AI announcements at MWC 2024, hinting at the massive market opportunity for OEMs and ISPs.
Qualcomm’s New AI Hub Solves Two Key Challenges for On-Device AI’s Market Opportunity: Velocity and Scale
Olivier Blanchard, Research Director at The Futurum Group, discusses why the Qualcomm AI Hub is exactly what the company and its OEM partners needed to accelerate the on-device AI app ecosystem to boost market adoption of AI-capable devices.