Original release date: April 26, 2021
A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further compromise customer data or systems.
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
CISA encourages users and administrators to review Defending Against Software Supply Chain Attacks and implement its recommendations.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors,…
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide…
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional…
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor…
CISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide…
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled…
This website uses cookies.