Friday, October 8, 2021

DOC Sends Software Supply Chain NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the DOC concerning “Securing the Information and Communications Technology and Services Supply Chain; Connected Software Applications”. This rulemaking was not included in the Spring 2021 Unified Agenda.

While EO 14028, Improving the Nation's Cybersecurity, does not specifically task DOC with a requirement to publish a rule concerning supply chain security, §4 of the EO does provide DOC with a laundry list of software supply chain responsibilities. I suspect that this NPRM is a natural outgrowth of those taskings.

No comments:

/* Use this with templates/template-twocol.html */