United States of America: CISA, NSA and ODNI Guidance for Customers on Securing the Software Supply Chain

Progress

Current status

adopted

17 Nov 2022 adopted

02 Sep 2022 adopted

Scope

Implementers

United States of America

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

technological consumer goods

software provider: other software

Government Branch

executive

Government Body

other regulatory body

Implementation Level

national

Timeline of events

17 Nov 2022

adopted

Published Part three of Guidance on Securing Software Supply Chain Recommended Practices for Customers

On 17 November, the “Guidance for Customers on Securing the Software Supply Chain” was published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National I…

Source

Event type outline

Action type adoption

Government branch executive

Government body other regulatory body

02 Sep 2022

adopted

Published Part One of Guidance on Securing Software Supply Chain Recommended Practices for Developers

On 2 September 2022, the United States Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Office of the Director of National Intelligence (ODNI) published the first part of a three-part joint publication ser…

Source

Event type outline

Action type adoption

Government branch executive

Government body other regulatory body

Progress

Scope

Timeline of events

Published Part three of Guidance on Securing Software Supply Chain Recommended Practices for Customers

Published Part One of Guidance on Securing Software Supply Chain Recommended Practices for Developers

Related changes

United States of America: SEC Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

United States of America: Joint Resolution providing for Congressional Disapproval of SEC Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (S.J.Res 50)

United States of America: United States National Cybersecurity Strategy 2023

United States of America: Department of Homeland Security third review on Cloud Security

United States of America: Office of Management and Budget Security Rules for Federal Government Software Suppliers outlining cybersecurity standards

United States of America: 2023 Department of Defense Cyber Strategy

United States of America: SEC rules on enhancing and standardising cybersecurity risk management

United States of America: Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States

United States of America: NSA Network Infrastructure Security Guidance

United States of America: FCC Inquiry into Vulnerabilities of Internet Global Routing System

United States of America: Export ban measures in US Information Security Controls of Cybersecurity Items

United States of America: CISA Advisory on Russian State-Sponsored Cyber Threats to US Critical Infrastructure

United States of America: Measures to enhance supply chain security for critical software