Congress passes DHS software supply chain bill

Members of the House of Representatives recently voted to pass the Department of Homeland Security (DHS) Software Supply Chain Risk Management Act of 2021 (H.R. 4611), a measure aiming to further secure software provided to DHS by contractors.

According to the new act, the DHS under secretary will issue guidance on future and ongoing software contracts. The bill specifies that new and existing contractors must provide certification that each item provided in their contract is free of known vulnerabilities and defects affecting the security of the end product or service. In order to provide this certification, contractors can reference the National Institute of Standards and Technology Vulnerability Database or any other database that tracks software security defects and vulnerabilities designated by the DHS under secretary in coordination with the director of the Cybersecurity and Infrastructure Agency.

The DHS guidance is expected to be released 180 days after the bill's enactment.

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.