The National Institute of Standards and Technology has opened for public comment a new draft report outlining strategies for integrating software supply chain security in DevSecOps continuous integration/continuous delivery pipelines.
The draft NIST Special Publication 800-204D aims to embed security measures in the agile software development life cycle to ensure the overall security of the software supply chain, the agency said Wednesday.
The NIST framework provides actionable steps to integrate the various software supply chain (SSC) security building blocks into DevSecOps CI/CD pipelines to prepare organizations to deploy cyber-hardened cloud-native applications.
According to NIST, due diligence practices must be followed during the software development life cycle to prevent malicious threat actors from exploiting attack vectors and to ensure that cloud-based software applications are free of defects.
Comments are due Oct. 13.