
Prioritize the security of veterinary software during purchasing processes, advises NIST

Examining potential weak points in supply chains, as defined by last year's executive order, this new guidance illuminates possible scenarios where such vulnerabilities may come to light.


Last week, the National Institute of Standards and Technology (NIST) published an updated guidance document, aiming to strengthen the cybersecurity of critical software used by federal agencies. This update comes in response to President Joe Biden's May 2021 cybersecurity executive order.

The new guidance connects foundational cybersecurity supply chain management practices to objectives established by the executive order. It encourages the use of separate build environments, audits, multifactor authentication, data encryption, and alert monitoring. Furthermore, it places additional emphasis on practices NIST deems best suited to identify, assess, and respond to cybersecurity supply chain risks in software and cloud-based services.

The updated guidance includes criteria for organizations to evaluate the security practices of developers and suppliers of critical software. It also emphasizes the need for agencies to obtain a Software Bill of Materials (SBOM) covering both open source and proprietary code. The SBOM matters because building and operating software depends on trust and confidence in what it is made of.

The SolarWinds hack, which impacted thousands of organizations globally, highlighted the need for such comprehensive measures. It took months to understand the full extent of the compromise caused by the SolarWinds hack, and the updated NIST guidance aims to help organizations identify risks in the supply chain throughout the lifecycle of a product or service.

The guidance organizes recommendations by layer of cybersecurity and by their relevance to specific groups of professionals. It also continues to emphasize the importance of monitoring source code for potential vulnerabilities, encouraging enterprises to keep monitoring even after the initial stages of implementation.

Jon Boyens, deputy chief of the computer security division at NIST, stated that the guidance can help organizations start, walk, and run their cybersecurity supply chain risk management. The 326-page guidance focuses on assessing supply chain risks throughout the procurement process and is woven together with existing standards and practices such as zero-trust architecture.

The updated NIST guidance provides a comprehensive tool for organizations to manage cybersecurity supply chain risks, progressing from initial stages to advanced levels. It is designed to help organizations prioritize the security of critical software, as per Biden's cyber executive order, which requires the federal government to do the same. The SolarWinds hack allowed attackers to gain unfettered access to critical infrastructure for up to 14 months, underscoring the urgency of these measures. The updated NIST guidance aims to help organizations avoid such incidents in the future.
