Committed to connecting the world

  •  

ITU-T work programme

[2025-2028] : [SG17] : [Q4/17]

[Declared patent(s)]  - [Associated work]

Work item: X.2106 (ex X.ssc-sa)
Subject/title: Guidelines for software supply chain security audit
Status: Determined on 2026-06-10 [Issued from previous study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2026-06 (Medium priority)
Liaison: ISO/IEC JTC 1/SC 27 WG4
Supporting members: China Telecom, China Unicom
Summary: This Recommendation specifies a systematic methodology for conducting software supply chain security audits with a methodology structured around three core dimensions: security management, security activities, and security technologies, and covers the complete audit lifecycle, including preparation, execution, reporting, and continuous improvement. It defines key concepts related to software supply chain security, including software bill of materials (SBOM), software supply chain lifecycle, and software supply chain attacks and specifies audit content and verification methods for assessing security risks throughout software development, delivery, and operation processes. By providing a structured audit framework and evaluation methodology, this Recommendation supports the identification, assessment, and remediation of software supply chain security risks, thereby enhancing the security, transparency, and trustworthiness of software supply chains.
Comment: -
Reference(s):
  Historic references:
Contact(s):
Lizhu SU, Editor
ITU-T A.5 justification(s):
Generate A.5 drat TD
-
[Submit new A.5 justification ]
See guidelines for creating & submitting ITU-T A.5 justifications
First registration in the WP: 2023-09-20 23:49:14
Last update: 2026-06-26 12:04:33