Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the DOC concerning “Securing the Information and Communications Technology and Services Supply Chain; Connected Software Applications”. This rulemaking was not included in the Spring 2021 Unified Agenda.
While EO
14028, Improving the Nation's Cybersecurity, does not specifically task DOC
with a requirement to publish a rule concerning supply chain security, §4 of the EO does
provide DOC with a laundry list of software supply chain responsibilities. I
suspect that this NPRM is a natural outgrowth of those taskings.
No comments:
Post a Comment