[IDS] Fwd: [sw.assurance] REGISTER | NIST Workshop: EO 14028 - Enhancing Software Supply Chain Security

Ira McDonald blueroofmusic at gmail.com
Thu Oct 28 21:37:36 UTC 2021


FYI


---------- Forwarded message ---------
From: 'Boyens, Jon M. (Fed)' via sw.assurance <sw.assurance at list.nist.gov>
Date: Wed, Oct 27, 2021 at 1:01 PM
Subject: [sw.assurance] REGISTER | NIST Workshop: EO 14028 - Enhancing
Software Supply Chain Security
To: SW.ASSURANCE <SW.ASSURANCE at list.nist.gov>, federal_cscrm at list.nist.gov <
federal_cscrm at list.nist.gov>






Cybersecurity Insights
Registration is now OPEN! Workshop on EO 14028 – Guidelines for Enhancing
Software Supply Chain Security Including Standards, Procedures, & Criteria

Join NIST at our upcoming workshop on November 8, 2021 at 1:00 PM EST as
we share and discuss the approach that NIST is taking to support Section 4e
of the President’s Executive Order (EO) on “Improving the Nation’s
Cybersecurity (14028)” issued on May 12, 2021. This EO charged multiple
agencies – including NIST – with enhancing cybersecurity through a variety
of initiatives related to the security and integrity of the software supply
chain.

NIST recently released Draft Special Publication (SP) 800-218, *Secure
Software Development Framework (SSDF) Version 1.1: Recommendations for
Mitigating the Risk of Software Vulnerabilities*. The SSDF is a set of
fundamental, sound practices for secure software
development based on established standards and guidelines produced by
various organizations. The SSDF directly addresses several practices that
were called out in Section 4e—and provides a starting point for discussing
other practices that Section 4e specifies. To support this
important discussion, NIST is soliciting input about the types of
meaningful artifacts of secure software development that software producers
can share publicly in the form of self-declaration and attestation.

This workshop aims to bring together experts with different viewpoints to
share their insights on producing and sharing artifacts of secure software
development tools and processes, as well as on attesting
to following specific secure software development practices. Speakers from
NIST and the private sector will discuss the EO, cover topics such as: the
NIST SSDF; self-declaration and attestation; generating and sharing process
and tool artifacts; criteria and attestation approaches for code
provenance; and vulnerability disclosure programs—topped off by a
facilitated Q&A with our lineup of interesting speakers.

Register Now!

