New NIST Special Publication (SP 800-204D) Shines Light on Security of Cloud Software Supply Chains

Executive Gov – Jamie Bennet
NIST has issued a special publication (SP 800-204D) on integrating security into continuous integration/continuous delivery (CI/CD) pipelines for cloud-native applications.
The goal is to support DevSecOps practices and defend organizations’ software supply chains against cyberattacks and against defects arising from gaps in due diligence.
It provides guidance based on input from experts and policies like the Biden executive order on improving software supply chain security.
NIST’s own Secure Software Development Framework also informed the new publication.
Authors came from NIST, Purdue University, and cybersecurity firm TestifySec.
Recent attacks targeting various stages of the software development life cycle prompted NIST to release this guidance on securing CI/CD pipelines and the software supply chain.
The publication aims to help organizations adopt practices that integrate security measures throughout their development and release processes for cloud applications.
Link: https://executivegov.com/2024/02/nist-special-publication-shines-light-on-security-of-cloud-software-supply-chains

