Securing the Cyber/Software Supply Chain

Executive Order 14028 (Improving the Nation’s Cybersecurity) established new requirements to secure the federal government’s software supply chain. The requirements involved systematic reviews, process improvements, and security standards for both software suppliers and developers, in addition to customers who acquire software for the federal government.

The software supply chain is only truly secure when all entities throughout the public sector carry out effective and coordinated security measures to ensure the integrity of the supply chain. This virtual workshop will review key practices in cyber supply chain risk management, including how to develop a strategy that contains standards, information sharing, and involvement of all the stakeholders.

Learning objectives include:

• Hear examples of how agencies are mitigating software supply chain security risks and complying with government guidelines (M-21-30, M-22-18, and SP 800-218).
• Learn how to respond to vulnerabilities on a continuous basis
• Hear an overview of the threats the software supply chain faces
• Understand risk management and cybersecurity best practices to help protect the software supply chain