Securing IT assets has never been more of a challenge. The IT landscape is under a daily bombardment of cyber-attacks. The disruption and financial loss caused by ransomware, data theft, and security breaches are unsustainable.
The current administration has acted to shrink the cyber-attack surface of federal agencies. An executive order issued by the White House last year, “Improving the Nation’s Cybersecurity” (EO 14028), charges multiple federal agencies with enhancing cybersecurity by making the software supply chain less vulnerable to attacks.
The EO directs the National Institute of Standards and Technology (NIST) to identify and develop new standards, tools, best practices, and other guidelines to better secure the software supply chain. The goal is to use innovative tools to improve the software security practices of agencies, developers, and suppliers, in part by encouraging vendors to deliver products with robust, built-in cybersecurity features.
The White House went further in September, issuing memorandum M-22-18, which requires agencies to inventory all relevant software within 90 days and develop a consistent process for communicating cybersecurity requirements to vendors. The memo directs CISA to establish mechanisms for documenting compliance and sharing security information among federal agencies.
What does it all mean for agencies, especially the chief information officers (CIOs) and chief information security officers (CISOs) responsible for managing complex requirements on tight deadlines with limited budgets?
To find out, join us December 13, 2022, for a webinar featuring a distinguished panel of cybersecurity experts. Panelists will discuss agencies’ plans for implementing the new cybersecurity executive orders, including the use of software bills of materials (SBOMs) to mitigate cyber risk, thwart cyber incidents, and defend against supply-chain attacks.