This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

The Cybersecurity and Infrastructure Security Agency (CISA) releases new cybersecurity resource

A new publication called The Defending Against Software Supply Chain Attacks has been issued by CISA and the National Institute of Standards and Technology (NIST). It provides an overview of software supply chain issues and makes recommendations about how software customers and vendors can identify, assess, and mitigate software supply chain risks. The publication also provides practical guidance associated with the use of the NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF).

The publication can be found here:

A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further compromise customer data or systems.


cybersecurity, federalcontractors, governmentprocurement