NIST Supply Chain Risk Management - Comments RequestedAug. 16, 2013 SP 800-161 DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
|
|
|
Upcoming Events
Sign Up for Our
HP ESP at DHS Open Source Industry Day
OSSI Gold Corporate Members Leslie Ann Kellan, Peter Archibald, Jeff Moreland and Scott Johnson from HP Enterprise Security Products participate in Software Assurance Track session.
Registration Volunteers Emily Livesay and Leslie Ann Kellan
Registration desk volunteers, Leslie-Ann Kellan and Emily Livesay oversee event check-in process. As a non-profit, OSSI Community members provide support that is extremely important to the organization's success.
Platinum Corporate Member Sqrrl
Sqrrl Founder and CEO Oren Falkowitz receives Platinum Corporate Member monument from OSSI Executive Director John Weathersby.
R4IT joins OSSI as Platinum Corporate Member
Executive Director John Weathersby welcomes Butch Rapp, R4IT founder and CEO, as OSSI's newest Platinum Corporate Member.
Exhibitors Present Innovative Open Source Solutions
OSSI exhibitors Red Hat, Basho and Persistent Systems present their unique, innovative solutions to attendees at DHS' Open Source Industry Day.
SRA's Walter Houser and IDA's Dr. David Wheeler
Walter Houser and Dr. David Wheeler discussing the DHS Open Source Industry Day agenda. David spoke about his "Lessons Learned" study during the morning Track 2 session.
U.S. Navy 10th Fleet Sailors
Sailors from the U.S. Navy's 10th Fleet (an operational component of USCYBERCOM) working on the new Open Source KARMA Program participate in DHS' Open Source Industry Day.
Dr. Ron Ross, NIST and Joe Jarzombek, DHS
Dr. Ross responds to audience questions during morning panel discussion focused on software assurance. DHS Software Assurance Lead Joe Jarzombek and other government panelists offered their insight and guidance on the topic.
Attendees arrive for DHS Open Source Industry Day
DHS Ambassador Joe Jarzombek (center) welcomes attendees to DHS Open Source Industry Day 2013. In addition to his speaking role at the event, Joe is a member of the OSSI Government Advisory Board.
CTIC Director David Tohn
Cheasapeake Techology Innovation Center Direcotr David Tohn contributing to the panel discussion at the DHS Open Source Industry Day.
OSSI Senior Advisory Board Member Bob Bigman
Bob Bigman, CEO, 2BSecure and CIA CISO (retired), engaged with attendees at DHS' Open Source Industry Day. His opening keynote address offered his thoughts on "a government CISO's perspective on open source software."
DHS Open Source Industry Day Attendees
Attendees arrive at registration desk for DHS Open Source Industry day. DHS Ambassador Joe Jarzombek welcomes guests to conference.
Expert Panel Members
Marc Jones (center) from CAST Software responds to audience questions in the Software Assurance Track.
John Weathersby and Dave Egts
OSSI Executive Director John Weathersby presents Dave Egts from Red Hat with OSSI Platinum Member monument. Red Hat is a strong supporter of OSSI and a regular contributor to the OSSI community.
SUSE Track Leader Adam Morgan
OSSI Platinum Corporate Member SUSE exhibits their solutions at DHS' Open Source Industry Day. Life Cycle Management Track Leader Adam Morgan (center) from SUSE is a very strong supporter and frequent contributor to the Open Source community and OSSI events.
VMWare presented with Platinum Corporate membership
VMWare receives their OSSI monument from OSSI Executive Director John Weathersby designating VMWare as an official Platinum Corporate Member.
Software Angel of Death - John Keane
Known as the "Software Angel of Death", John Keane responds to audience questions at the recent DHS Open Source Industry Day. John is recognized for his strong will, rigorous testing program and requirement for solid secure code. Additionally, Mr. Keane is a member of the OSSI Government Advisory Board.
Latest News
FBI Flash advisory with indicators related to malicious activity being conducted by the Syrian Electronic Army (SEA). The attached information provides technical details in describing how SEA targets potential victims and recommendations to users to limit their exposure to this and similar exploitations.
NIST Supply Chain Risk Management - Comments Requested
Aug. 16, 2013
SP 800-161
DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations
This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.
NIST requests comments on Draft NIST SP 800-161 by October 15, 2013. Please submit comments to This e-mail address is being protected from spambots. You need JavaScript enabled to view it with "Comments NIST SP 800-161" in the subject line. A template for submitting comments is provided below.This alert contains information regarding potential targeted social media attacks by the Syrian Electronic Army.
- This information is from the FBI Cyber division regarding an emergingcyber threat as it pertains to financial transactions.
omgubuntu.co.uk August 14, 2013 by Joey-Elijah Sneddon
Canonical’s Ubuntu Edge campaign has raised more money than any other project on IndieGoGo or Kickstarter – the two post popular crowd-funding platforms.
Copyright © 2000-2012 The Open Source Software Institute
