“The Office of Management and Budget is preparing to release new requirements around software supply chain and cybersecurity, according to a top federal cybersecurity official. While discussing future priorities for federal cybersecurity during a Nextgov event Thursday, Steven Hernandez, chief information security officer for the Education Department and chair of the Federal CISO Council, said a new mandate on software supply chain is forthcoming...” “Pushed to elaborate, Hernandez said policymakers have been working to codify efforts by NIST and other cybersecurity-focused pockets of government like the Cybersecurity and Infrastructure Security Agency, or CISA, to help agencies understand the provenance of software used on government networks and to hold vendors accountable for maintaining security over that code. ‘We’re going to see a lot more discussion around software,’ Hernandez said. ‘NIST has done a fantastic job of putting out the first version of the Secure Software Development Framework and I think the next step is going to be the agencies are going to now need to start to execute against that and say, ‘Hey, vendors, you are critical software. We’re going to need you to talk to us and explain how you’re meeting the requirements of the Secure Software Development Framework.’...” Read the full article here. Source: Federal Agencies Likely to Get New Cybersecurity Guidance ‘In Coming Weeks’ – By Aaron Boyd, May 5, 2022. Nextgov.