The National Security Agency and the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security have unveiled supply chain best practices for customers.
The document, titled “Securing the Software Supply Chain: Recommended Practices for Customers,” aims to foster communication between software developers, suppliers, customers and cybersecurity professionals that may facilitate streamlining the software supply chain process, NSA said Thursday.
NSA said customers should examine threats by conducting supply chain risk management activities and define risk profiles during the security requirements process.
Enduring Security Framework is a public-private partnership that issues suggestions for securing the U.S. critical infrastructure and improving national security. The NSA and CISA guidelines were developed via collaboration with ESF.
The framework is the last segment of ESF’s three-part joint publication series. The partnership released a version of the guidance for software developers in September and will debut an edition for software customers in the future.