NIST responded to the May 12, 2021 President's Executive Order which directed "NIST to solicit input from the private sector, academia, government agencies, and others and to identify existing or develop new standards, tools, best practices, and other guidelines to enhance software supply chain security." The July 9, 2021 NIST report entitled "NIST Delivers Two Key Publications to Enhance Software Supply Chain Security Called for by Executive Order" included these guidelines:
- criteria to evaluate software security,
- criteria to evaluate the security practices of the developers and suppliers themselves, and
- innovative tools or methods to demonstrate conformance with secure practices.
Great news that NIST was timely in getting this work done!
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.