Comply and Conquer - SSDF Attestation Form and Repo Released!

CISA released the SSDF Attestation Form on March 11 and published the Repository for Software Attestation and Artifacts on March 18.

In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices -

https://www.cisa.gov/news-events/news/effort-bolster-government-cybersecurity-biden-administration-takes-step-ensure-secure-development 

 

CISA Publishes Repository for Software Attestation and Artifacts -

https://www.cisa.gov/news-events/news/cisa-publishes-repository-software-attestation-and-artifacts 

 

Supply Chain Attacks in the news:

SolarWinds - https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic 

Kaseya - https://www.forbes.com/sites/forbestechcouncil/2022/01/25/the2021-kaseyaattack-highlighted-the-seven-deadly-sins-of-future-ransomware-attacks/?sh=6fccbe095f75 

 

Executive Order 14028 on Improving the Nation's Cybersecurity -

https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity 

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ 

 

"The Guidance"

Software Supply Chain security guidance under EO 14028 section 4e - https://www.nist.gov/system/files/documents/2022/02/04/software-supply-chain-security-guidance-under-EO-14028-section-4e.pdf 

Secure Software Development Framework (SSDF) Version 1.1 NIST SP 800-218: Recommendations for Mitigating the Risk of Software Vulnerabilities - https://csrc.nist.gov/pubs/sp/800/218/final 

OMB Memorandum M-22-18 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices - https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf 

 

InfusionPoints SSDF Blogs:

SSDF And How It Impacts Your CSO-KAS - https://infusionpoints.com/blogs/ssdf-and-how-it-impacts-your-cso-kas 

Automatically Generating SBOMs For Customers - https://infusionpoints.com/blogs/automatically-generating-sboms-customers 

Generating And Safeguarding Artifacts For SSDF Attestation - https://infusionpoints.com/blogs/generating-and-safeguarding-artifacts-ssdf-attestation 

Authors:

Karen Scarfone
Mike Strohecker
Jason Shropshire