Vigilant Ops Wins Cybersecurity Challenge

Author: vigilantops

U.S. House Passes Supply Chain Security Bill

As part of the response to recent hacks, the United States House of Representatives voted on and passed the DHS Software Supply Chain Risk Management Act of 2021 on October 20, 2021, by a vote of 412-2. The Act covers both new and existing contracts with the Department of Homeland Security (DHS). As a Condition on the Award of Contracts Contractors must submit a bill of materials, defined in this Act as “a list of the parts and components (whether new or reused) of an end product or service,...

Continue reading

FDA Seeking Additional Legislative Authorities

The United States Food and Drug Administration (US FDA) is looking for ways to compel medical device manufacturers to prioritize cybersecurity. Given the rash of ransomware attacks in healthcare, and across other industries, and the recently released Executive Order 14028, which we summarized in an earlier post, the timing seems to be right. According to an interview with Suzanne Schwartz, director of Strategic Partnerships and Technology Innovation at the FDA’s Center for Devices and Radiological...

Continue reading

The Minimum Elements for a Software Bill of Materials (SBOM)

Yesterday, the United States Department of Commerce released The Minimum Elements for a Software Bill of Materials (SBOM), in accordance with President Biden Executive Order 14028 on Improving the Nation’s Cybersecurity. For those who have been following the National Telecommunications and Information Administration (NTIA) SBOM work, you won’t find any surprises in the release. The document thoroughly describes the SBOM, provides motivation for the SBOM as a standard security document, and makes...

Continue reading

NIST Workshop on Supply Chain Security

The National Institute of Standards and Technology (NIST) hosted a virtual workshop on June 2 and 3, 2021 to fulfill the Executive Order on Improving the Nation’s Cybersecurity, which we previewed in a recent post. The order was signed into law by President Biden on May 12, 2021, and includes direction to the Secretary of Commerce for consultation with various stakeholders including representatives of the private and public sectors, as well as academia.  The goal of this consultation is...

Continue reading

Biden Signs Cybersecurity Executive Order

On May 12, 2021 President Biden signed the Executive Order on Improving the Nation’s Cybersecurity, which we previewed in a recent post, into law. The fifteen-page document includes various cybersecurity enhancement recommendations such as the Software Bill of Materials (SBOM) and review and revision of governmental procedures, such as the Federal Acquisition Regulation (FAR), all with associated timelines for completion.  The document is not a straightforward read, and the execution timelines...

Continue reading

How To Prepare for the Cybersecurity Executive Order

On May 12, 2021 President Biden signed the Executive Order on Improving the Nation’s Cybersecurity into law. The fifteen-page document requires sweeping updates and overhauls of various cybersecurity processes and procedures, complete with deadlines for compliance.. Overview In spite of being only fifteen pages in length, the executive order is detailed and complex. It’s quite easy to become overwhelmed by the dependencies between requirements and deadlines for completion. In this document,...

Continue reading