In September 2022, the Biden-Harris administration issued a memo, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, which built upon existing executive orders and directives to safeguard federal information systems.
These initiatives prompt agencies to strengthen security postures but will also require them to gain better visibility and management of their software supply chain and potential vulnerabilities.
One related effort, the Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 23-01 – Improving Asset Visibility and Vulnerability Detection on Federal Networks, requires agencies to conduct on-demand asset discovery to fully understand vulnerabilities within 72 hours of receiving a request from CISA.
These directives arrive at the same time as the nation works to fill a cyber talent shortage. Agencies face the challenge of pivoting existing strategies to meet evolving compliance requirements, while also needing additional support as they transform workflows and workforces.
A software bill of materials (SBOM), an inventory of the software components, libraries, tools, and processes used to deploy a software artifact, is key to helping agencies address the recent memo and other initiatives. Developers can use software artifacts as roadmaps to trace the entire development process.
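To make the inventory-and-tracing role of an SBOM concrete, here is an added example (not from the article, and not any agency's or vendor's tool) that walks a small SBOM in the CycloneDX JSON layout, matches its components against an advisory feed, and reports the dependency chain that pulled each affected component into the build. The SBOM contents, package names, versions and advisory identifiers are all constructed for illustration, and version comparison is simplified to numeric dotted versions.

```python
"""Walk a small CycloneDX-style SBOM: list its components, match them against
an advisory feed, and trace how each affected component entered the build.

Constructed example data only: the SBOM, the advisories and their identifiers
are invented for illustration and do not describe any real product.
"""
from __future__ import annotations

# Constructed SBOM fragment in the CycloneDX JSON layout (bomFormat, metadata,
# components, dependencies). Package names, purls and versions are invented.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/libalpha@2.3.1", "type": "library", "name": "libalpha",
         "version": "2.3.1", "purl": "pkg:pypi/libalpha@2.3.1"},
        {"bom-ref": "pkg:pypi/libbeta@1.26.5", "type": "library", "name": "libbeta",
         "version": "1.26.5", "purl": "pkg:pypi/libbeta@1.26.5"},
        {"bom-ref": "pkg:pypi/libgamma@6.0.1", "type": "library", "name": "libgamma",
         "version": "6.0.1", "purl": "pkg:pypi/libgamma@6.0.1"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/libalpha@2.3.1", "pkg:pypi/libgamma@6.0.1"]},
        {"ref": "pkg:pypi/libalpha@2.3.1", "dependsOn": ["pkg:pypi/libbeta@1.26.5"]},
        {"ref": "pkg:pypi/libbeta@1.26.5", "dependsOn": []},
        {"ref": "pkg:pypi/libgamma@6.0.1", "dependsOn": []},
    ],
}

# Constructed advisory feed with placeholder IDs (not real CVEs). "fixed_in" is
# the first version that is not affected; anything below it is flagged.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "libbeta", "fixed_in": "1.26.18"},
    {"id": "EXAMPLE-ADV-0002", "name": "libgamma", "fixed_in": "5.4.0"},
]


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric dotted versions only ("1.26.5" -> (1, 26, 5)). A production tool
    would apply the ecosystem's own ordering rules (PEP 440, semver, ...)."""
    return tuple(int(p) for p in v.split("."))


def inventory(sbom: dict) -> list[tuple[str, str]]:
    """Flat (name, version) list of every component recorded in the SBOM."""
    return [(c["name"], c["version"]) for c in sbom.get("components", [])]


def find_affected(sbom: dict, advisories: list[dict]) -> list[tuple[str, str, str]]:
    """Return (advisory id, name, version) for each component below its fix version."""
    hits = []
    for name, version in inventory(sbom):
        for adv in advisories:
            if adv["name"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append((adv["id"], name, version))
    return hits


def dependency_path(sbom: dict, target_ref: str) -> list[str] | None:
    """Depth-first walk from the root component to target_ref. The returned list
    of bom-refs is the chain that pulled the component into the build, or None
    if the SBOM's dependency graph never reaches it."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]

    def walk(node: str, path: list[str]) -> list[str] | None:
        if node == target_ref:
            return path + [node]
        for child in edges.get(node, []):
            if child in path:  # guard against cyclic dependency graphs
                continue
            found = walk(child, path + [node])
            if found:
                return found
        return None

    return walk(root, [])


if __name__ == "__main__":
    for adv_id, name, version in find_affected(SBOM, ADVISORIES):
        ref = f"pkg:pypi/{name}@{version}"
        chain = dependency_path(SBOM, ref) or [ref]
        print(f"{adv_id}: {name} {version} via {' -> '.join(chain)}")
```

Run stand-alone, the script flags only `libbeta` (1.26.5 is below the advisory's 1.26.18) and reports that it arrived transitively through `libalpha`, which is the kind of answer an on-demand asset discovery request expects: not just "is the component present" but "which deployed artifact carries it and why".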