The National Institute of Standards and Technology (NIST) is working on a supply chain security framework for the information and communications technology industry and plans to issue a request for information to seek input about goals, principles and potential parameters for the new framework, Federal News Network reported Thursday.
“We really want the stakeholders to tell us where they think the biggest bang for the buck is, or the moonshot,” said Jon Boyens, deputy chief of NIST’s computer security division.
NIST plans to address industry concerns when it comes to sharing sensitive supply chain security data with the government.
“One of our big questions I think we’ll put in the RFI is how to get a trust mechanism similar to what we’re doing in the software world: artifacts, evidence to achieve greater trust, to achieve greater assurance in the supply chain without sacrificing intellectual property,” Boyens said.
NIST has unveiled “recommended minimum standards” for software code testing since the release of the cybersecurity executive order in May and is collaborating with the Federal Trade Commission (FTC) on labeling initiatives to help consumers determine the security of software and internet of things devices.
ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.
