NIST sets parameters for software supply chain project, building on work from cyber executive order

NIST’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.

“To help improve the security of DevOps practices, the NCCoE is planning a DevSecOps project that will focus initially on developing and documenting an applied risk-based approach and recommendations for secure DevOps and software supply chain practices consistent with the Secure Software Development Framework (SSDF), Cybersecurity Supply Chain Risk Management (C-SCRM), and other NIST, government, and...