C-SCRM: We’re from the government — and we’re here to help with software supply chain security


A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem.

It’s all about cybersecurity supply chain risk management, as the Washington wonks now insist on calling it. Beltway chatter is all C-SCRM this, guidance that and policy the other.

Sounds terrifying. In this week’s Secure Software Blogwatch, we remember Ronald Reagan.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Larf action.

CISA and FASC and NIST — oh my!

What’s the craic? Cate Burgan reports — “C-SCRM Weighing on Minds of Feds”:

“Collaboration with the private sector”
A top official at the Cybersecurity and Infrastructure Security Agency (CISA) said that we can expect to see “much more” guidance from agency cyber gurus in the coming months on Cybersecurity Supply Chain Risk Management (C-SCRM). … Michael Duffy, associate director of the Cybersecurity Division at CISA … explained that his agency has a duty to provide help to organizations by passing along real, sustainable, and effective guidance for good cyber…
