FedScoop: House passes bill to address software supply chain risk at DHS

“The House passed a bill that would require the Department of Homeland Security to establish a process for identifying materials used in software to mitigate future supply-chain cyberattacks.

A software bill of materials (SBOM) lists the origins of every component, and the DHS under secretary for management would be expected to require them of all contractors furnishing software to the department…”

“The guidance that comes out of the DHS Software Supply Chain Risk Management Act would apply to new and existing contracts and be due within 180 days of enactment.

Aside from an SBOM, contractors would be expected to submit a certification that every software component is security vulnerability and defect free, after referring to the National Institute of Standards and Technology‘s National Vulnerability Database and any others designated by the under secretary in coordination with the Cybersecurity and Infrastructure Security Agency. Contractors would have to notify DHS if vulnerabilities or defects were identified during the certification process, as well as of their plan to address any known issue…”

“‘There’s been a general growth of supply-chain attacks in the software industry of 650%,’ said Brian Reed, chief mobility officer at NowSecure, during an ATARC webinar Thursday. ‘We have seen an astronomical growth in mobile supply chain attacks, along with standard commercial web and PC-type applications as well.’…” Read the full article here.

Source: House passes bill to address software supply chain risk at DHS – By Dave Nyczepir, October 22, 2021. FedScoop.

0
Tags:

This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 3 months ago.

  • Author
    Posts
  • #140731

    Replies viewable by members only

    0

You must be logged in to reply to this topic.

CONTACT US

Questions?. Send us an email and we'll get back to you, asap.

Sending

©2022 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541512, 
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?