Tuesday, July 27, 2021

Review - HR 4611 Introduced - Software Supply Chain Risk Management Act

Last week, Rep. Torres (D, NY) introduced HR 4611, the DHS Software Supply Chain Risk Management Act of 2021. The bill would require DHS to develop contract guidance requiring that proposed contract bids include a planned bill of materials for covered information and communications technology or services, along with a certification that such materials are free of known security vulnerabilities. The guidance would go into effect 180 days after the enactment of this bill.

NOTE: This review is based upon a Committee Print of the bill provided by the House Homeland Security Committee. The official GPO version has not yet been printed.

As I mentioned yesterday, this bill will be marked up by the House Homeland Security Committee tomorrow. I expect that the bill will pass with significant bipartisan support. That would allow the bill to be considered by the full House under the suspension of the rules process.

For more details about the provisions of the bill and my look at its relation to software bills of materials as defined by NIST, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4611-introduced - subscription required.
