Sound Off: What's in OMB's Latest Cybersecurity Guidance?

Grant Schneider Sounds Off on OMB Deliverable for Secure Software

"Sound Off" is a new video series that explores one topical question, in depth, with information security and privacy leaders.

Grant Schneider, senior director of cybersecurity services, Venable

The U.S. Office of Management and Budget recently released its latest deliverable as part of President Joe Biden's cybersecurity executive order, on "Enhancing the Security of Federally Procured Software." In this week's "Sound Off," former federal CISO Grant Schneider discusses the implications of this guidance and shares best practices for how agencies and organizations can improve the security of their software supply chain.

The OMB's statement is a continuation of last May's cybersecurity executive order that requires the government to only purchase software that is developed securely. It tasks the National Institute of Standards and Technology to "issue guidance identifying practices that enhance the security of the software supply chain," which it published on Feb. 4, 2022.

Schneider says that in addition to directing agencies to implement the NIST guidance, the OMB statement seeks industry feedback. "Service providers and third-party providers will need to attest to the fact that they're meeting the NIST guidance and that they are producing secure software," he says.

In a video interview with Information Security Media Group, Schneider discusses:

  • The latest OMB announcement and its implications for federal agencies;
  • The challenges ahead for agencies and realistic expectations for progress this year;
  • Best practices for implementing NIST's Secure Software Development Framework.

Prior to Venable, Schneider served as the U.S. deputy federal CISO and the U.S. federal CISO and as senior director for cybersecurity policy on the White House National Security Council. Before that, he served for seven years as chief information officer for the Defense Intelligence Agency.

Don't miss our previous installments of "Sound Off," including the Feb. 21 edition with attorney Lisa Sotto, who conducts a post-mortem on the Colonial Pipeline ransomware attack, and the Feb. 25 edition with former CISO of PNC Bank David Pollino, who considers how banks can prepare for the Russia-Ukraine crisis.


About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
