Supply Chain Security Workshop by NIST

NIST Workshop on Supply Chain Security

June 21, 2021 | vigilantops | Blog, In the News, News & Events

The National Institute of Standards and Technology (NIST) hosted a virtual workshop on June 2 and 3, 2021 to fulfill the Executive Order on Improving the Nation’s Cybersecurity, which we previewed in a recent post. The order was signed into law by President Biden on May 12, 2021, and includes direction to the Secretary of Commerce for consultation with various stakeholders including representatives of the private and public sectors, as well as academia. The goal of this consultation is to identify standards, tools, and best practices for the enhancement of supply chain security. The initial application will be the enhancement and modernization of federal government software procurement practices and procedures.

The virtual workshop hosted more than 1,400 participants and, prior to the workshop, a call for position papers yielded more than 150 submissions. Vigilant Ops submitted a position paper discussing the deployment of automated tools that continuously check for vulnerabilities and the maintenance of accurate and up-to-date information about third-party software components.

Some important dates from the Executive Order

July 12, 2021
- minimum set of elements for Software Bill of Materials (SBOM) published
- guidance outlining security measures for critical software published

February 12, 2022
- Secretary of Commerce will issue guidance that will require
  - Providing an SBOM to purchasers of products
  - Maintenance of third-party software components
  - Deployment of automated security tools
  - And others…

In summary, the executive order offers sweeping recommendations across various areas of Federal government, and for recommendations on how best to interpret the requirements of the executive order so that you can begin preparing your organization, download our healthcare-specific guide – How to Prepare for the Cybersecurity Executive Order.

Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.

For more information about Vigilant Ops or the InSight Platform, please visit our website at www.vigilant-ops.com
Or drop us an email at: inquiries@vigilant-ops.com

Ken Zalevsky
ken.zalevsky@vigilant-ops.com
412-704-4600