Cyber-Supply Chain Risk Management (C-SCRM)
NIST gives agencies new guidance to prepare for next SolarWinds-like hack
During the 2020 SolarWinds hack, bad actors were able to access thousands of networks inside and outside government.
Agencies underscore software vulnerabilities in supply chain assessments
The pandemic revealed an overreliance on software developers with opaque supply chains and a high risk of "cascading effects" should their products be compromised.
DHS wants to know how cyber-hygiene contract clauses are affecting vendors
A sample of vendors will soon receive a questionnaire from the agency.