Software Supply Chain Attacks | CISA & NIST

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

This resource provides in-depth recommendations for software customers and vendors as well as key steps for prevention, mitigation and resilience of software supply chain attacks.