Forums are held 2-3 times / year and are FREE and OPEN TO THE PUBLIC; registration is required.
Our next SSCA Forum Virtual Event will be held on Wednesday, June 16 at 11 am Eastern Time. Our two sessions feature speakers from the Health Sector and the Energy Sector. While each sector has its own unique characteristics and challenges, many of the cyber-supply chain risk management and software and hardware assurance practices, tools, and security controls are cross-cutting in nature and can be applied by any organization. We hope you can join us to learn about some of the great work occurring in these two sectors. We will close out the event by providing a brief update on NIST’s efforts related to Executive Order 14028.
SSCA Co-Chair will provide opening remarks, review Chatham House Rules
Chris van Schijndel, Cybersecurity Director for Global Supply, Johnson & Johnson & Co-chair of the Health Sector Coordinating Council Sub-Group for Supply Chain
Vish Gadgil - Subject Matter Expert and Co-chair of the Health Sector Coordinating Council Sub-group for Supply Chain
The co-chairs of the HSCC Sub-group for supply chain will discuss their second release of the Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM), targeted at smaller and mid-sized health organizations. They will also describe several C-SCRM related initiatives currently underway.
Cheri Caddy, Senior Advisor, Cybersecurity, Office of Cybersecurity, Energy Security and Emergency Response (CESER), Department of Energy
The Office of Cybersecurity, Energy Security & Emergency Response will describe DOE’s programs for working with operational technology manufacturers and energy sector asset owners to discover, mitigate, and engineer out cyber vulnerabilities in digital components in Energy Sector critical supply chains.
Brief update on NIST’s efforts related to the Executive Order on Improving the Nation’s Cybersecurity (14028)
SSCA Co-Chair will close out event
Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.
The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields.
SSCA forums are held 2-3 times/year and are free and open to all interested parties.
While the general intent is to share information, the SSCA Forum also offers government and private sector participants, including international participants, an opportunity to openly collaborate by presenting and receiving feedback on current and potential future work. Most events are two to three days long and contain a mixture of discussion and presentation; interaction is always strongly encouraged. To encourage open interaction, SSCA Forum meetings operate under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed,” though many speakers allow NIST to post their presentations on this website.
To receive information about upcoming meetings and related publications and activities, please sign up for the sw.assurance Google Group - operated by NIST - here: https://groups.google.com/a/list.nist.gov/forum/#!forum/sw.assurance
The forum, initially called the Software Assurance (SwA) Forum and Working Groups, was initiated in 2003 as a Department of Homeland Security (DHS)-sponsored Cross-Sector Cyber Security Working Group (CSCSWG) established under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC), which provides a legal framework for public-private collaboration and participation. Its purpose was to bring together a stakeholder community to protect the Nation’s key information technologies, most of which are enabled and controlled by software. Over time, the community evolved and broadened the scope to include additional focus on the supply chain. Events were held quarterly; Summer and Winter sessions were intended for working group-type discussions while the Spring and Fall sessions were reserved for more traditional forum presentations.
As of 2014, the Forums are operated under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed”. On occasion, a speaker may wish to provide their slides to the group, in which case links to those presentations will be embedded in the corresponding agendas here:
Agendas and presentations for events prior to 2014 are not available.
Security and Privacy: controls assessment, cyber supply chain risk management, information sharing, malware, risk assessment, security controls, security measurement, security programs & operations, systems security engineering, vulnerability management
Laws and Regulations: Comprehensive National Cybersecurity Initiative, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Federal Acquisition Regulation, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130