Zero trust, Critical Infrastructure Security

Feds usher in software security efforts

The Register reports that the U.S. has been moving to advance software security following the executive order issued by the Biden administration that sought to bolster the cyber defenses of the federal government, with the Department of Defense presenting a roadmap outlining its zero-trust strategy. The Defense Department expects total zero-trust implementation by 2027, and its strategy is aimed at meeting four key goals: zero-trust awareness and training among its employees, system-wide zero-trust coverage, continued tech advancements, and the alignment of policies and funding with zero-trust approaches. Such a strategy is crucial amid persistent attacks against DoD systems, particularly from China and other nation-state actors, according to DoD Chief Information Officer John Sherman.

Meanwhile, the Information Technology Industry Council has urged White House Office of Management and Budget Director Shalanda Young to clarify a memo issued in September that ordered federal agencies to ensure software manufacturers' adherence to NIST security requirements by requiring a software bill of materials submission from vendors. "We are concerned that these requests will be applied differently across the government, even within agencies. This creates ambiguity and may ultimately delay progress towards the government's important software security goals," said ITI Executive Vice President of Policy for the Public Sector Gordon Bitko.
