NOTE: This workshop has taken place. More than 1,400 participants took part in the June 2-3 virtual event, with many actively involved by posing questions or joining the online chat. More than 150 position papers were submitted; they are available here. A high-level summary of the workshop can be found here.
The National Institute of Standards and Technology (NIST) will host a virtual workshop on June 2 and 3, 2021 to enhance the security of the software supply chain and to fulfill the President’s Executive Order on Improving the Cybersecurity of the Federal Government (14028), issued on May 12, 2021.
Among other things, Section 4 of that Executive Order (EO) directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying standards, tools, best practices, and other guidelines to enhance software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal government’s procurement of software. The EO includes additional assignments to NIST which will be addressed in other forums, although discussions at this workshop will inform those actions by NIST. This workshop focuses on assignments in Section 4 of the EO.
The goals of the workshop are to:
The agenda for the two-day workshop, which will take place from 1-5 pm EDT on each day, will be based on submissions to NIST by the private, public, and non-profit sectors in the form of two-page position papers. These papers from organizations and individuals will be reviewed for their diversity of ideas in order to ensure that NIST considers a wide range of approaches for achieving the goal of the EO and that the standards and guidelines identified are practical and effective. NIST seeks to build on existing approaches and capabilities to avoid duplication and to speed implementation of needed security steps while also encouraging creative thinking and new approaches. All suggestions in position papers must be consistent with and within the scope of the assignments specified by the EO. Topics and speakers selected for the workshop will be based largely on these position papers. NIST expects speakers to participate in panel discussions.
Timelines in the EO are very tight, as are the deadlines for contributing position papers for this workshop. All submissions must be received by NIST no later than May 26, 2021.
NIST seeks position statements in five areas.
Position papers should specify which of the five areas is being addressed and be a maximum of two pages in length. Supplemental material may be provided but selections of position papers to be presented at the workshop will be based on the brief papers. Submissions will be accepted from those who do not wish to be considered as speakers. For those who wish to be considered as speakers at the workshop, submissions should include the individual’s names, titles, and contact information. NIST will make available online all statements which are within the scope of this request but reserves the right to withhold publication of material deemed inappropriate, including strictly promotional information.
Position papers should be submitted to swsupplychain-eo [at] nist.gov no later than May 26, 2021. Receipt of submissions will be acknowledged via email.
Advance registration will be required for the no-fee virtual workshop. Workshop attendees will be able to submit questions online during the sessions. A recording of the workshop is expected to be available after the event.
Questions about the position papers should be directed to swsupplychain-eo [at] nist.gov.