Continuous Assurance and Software Supply Chain Security

This is the second in a series of articles examining the new NIST SP 800-218 guidelines, with our recommendations for best practices to achieve compliance.

As we discussed in our previous article, guidelines established by the US National Institute of Standards and Technology (NIST) will dramatically alter the way in which software products and services are supplied to the United States government.

Specifically, NIST SP 800-218 establishes a set of high-level, secure software development practices that are to be integrated into every Software Development Life Cycle (SDLC). The incorporation of these practices throughout the software supply chain is expected to promote more secure products and services for delivery not only to the US government, but, ultimately, across industries and around the globe.

In this article, we examine the role of Continuous Assurance (CA) in meeting these requirements and its implementation in your SDLC. First, we take a broad look at Continuous Assurance, why it is needed, and how it works. Then, we provide some examples and recommendations for collecting evidence and explore how this evidence can be used to verify the security of your products.

Download the article to find out how you can use CA to improve your security posture and trust in the software supply chain in general.

All Resources

Last Resources

In this webinar Tom Alrich and Barak Brudo will discuss how you can fix the fact that VEX is far from being ready, but yet very…
Researchers found a 633% year-over-year increase in software supply chain attacks in 2022 so far, and there has been an annual, overall increase of 742% since 2019. In this Episode, Barak Brudo (Developer Relations Advocate at Scribe Security) and I have discussed some of the finer points of Software Supply Chain Security, from what it is to what you can do today to make your company’s code much more secure (hint, use an SBOM).