New Software Vendor Standards Coming Within Weeks, CISA Head Says 

The government is just weeks out from establishing new security standards for providers of its IT, according to Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales. 


“There's just a lot more that we can do and I think in the coming weeks, you will see the government roll out some of its initiatives in this area,” Wales said at an event Tuesday hosted by the public-private Cyber Initiatives Group.


The Biden administration’s approach to supply chain security is eagerly awaited as major tech companies bemoan what they say was an overly broad effort by former President Donald Trump to limit the import of information and communications technology from “foreign adversaries.” The rule leaves the meaning of that term, and the ultimate decision on whether a given import should be allowed, up to the Commerce Secretary. 


In comments filed Monday with the Commerce Department, which issued the implementing rule for Trump’s executive order on the issue, the Information Technology Industry Council ripped into the document, saying “the scope and breadth of this rule remains impossibly broad and raises significant due process concerns.”


At the same time, the breach of federal networks that leveraged access to network monitoring company SolarWinds and insufficient tracking mechanisms in default Microsoft licenses has spurred new calls for raising the bar on vendor security with measures that go beyond banning tech from China and other countries.


“I think it's not necessarily a question of international versus domestic supply chains but it's a matter of what is the supply chain risk management approach that we're taking to identify potentially problematic vendors or critical ..
