Cybersecurity

NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:

Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners

Request for Comments on Competition in the Mobile App Ecosystem

April 21, 2022

Docket Number

NTIA-2022-0001

NTIA is requesting comments on competition in the mobile application ecosystem. The data gathered through this process will be used to inform the Biden-Harris Administration’s competition agenda, including, but not limited to, the Department of Commerce’s work developing a report to submit to the Chair of the White House Competition Council regarding the mobile application ecosystem.

Topics

Cybersecurity

Marking the Conclusion of NTIA’s SBOM Process

April 9, 2022

In 2018, NTIA launched its Multistakeholder Process on Software Component Transparency, bringing together an active, engaged community to formulate and establish a software bill of materials (SBOM) – a nested inventory that makes up the “ingredients list” for software.

The stakeholders in our process initially focused on defining the problem: the what, the why, and the how of software component transparency. They established common, consensus definitions, and emphasized the importance of a "baseline" SBOM.

Experts from the healthcare and medical device community stepped up early in the process to demonstrate that this idea was both feasible and useful for their industry. They launched the first SBOM "proof of concept," sharing their experiences, successes, and challenges in public documentation from which the broader community could learn.

Next, the community shifted its efforts to jumping technical hurdles, as well as identifying existing tools and gaps in the ecosystem.

They emphasized a mantra of "crawl, then walk, then run" to promote adoption across the ecosystem. They developed videos to help educate the public.

Along the way, what was an obscure idea became a key part of the global agenda around securing software supply chains.

Topics

Cybersecurity

NTIA Releases Minimum Elements for a Software Bill of Materials

July 12, 2021

In his Executive Order (EO) on Improving the Nation’s Cybersecurity, President Biden identified the prevention, detection, assessment and remediation of cyber incidents as a top priority of his Administration. The Commerce Department and NTIA were directed by the EO to publish the minimum elements for a Software Bill of Materials (SBOM), a key tool to help create a more transparent and secure software supply chain. As the President notes, “the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is.”

An SBOM provides those who produce, purchase, and operate software with information that enhances their understanding of the supply chain. Though an SBOM won’t solve all software security problems, it offers the potential to track known newly emerged vulnerabilities and risks, and it can form a foundational data layer on which further security tools, practices, and assurances can be built.

Topics

Internet Policy

Internet Policy Task Force

Cybersecurity

Secure 5G