|
Summary:
|
This Recommendation specifies a systematic methodology for conducting software supply chain security audits with a methodology structured around three core dimensions: security management, security activities, and security technologies, and covers the complete audit lifecycle, including preparation, execution, reporting, and continuous improvement. It defines key concepts related to software supply chain security, including software bill of materials (SBOM), software supply chain lifecycle, and software supply chain attacks and specifies audit content and verification methods for assessing security risks throughout software development, delivery, and operation processes.
By providing a structured audit framework and evaluation methodology, this Recommendation supports the identification, assessment, and remediation of software supply chain security risks, thereby enhancing the security, transparency, and trustworthiness of software supply chains.
|