CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51

Open
justmurphy opened this issue Oct 17, 2024 · 0 comments
Labels
tc-discussion Further TC discussion is needed

justmurphy (Contributor) commented Oct 17, 2024

As part of the National Cybersecurity Strategy Implementation Plan, Initiative Number 3.3.2 "Advance software bill of materials (SBOM) and mitigate risk of unsupported software", the US Cybersecurity & Infrastructure Security Agency (CISA) is tasked to "...explore requirements for a globally-accessible database for end-of-life/end-of-support software...", including the value it could provide (or not provide), use cases, requirements, and feasibility.

CISA is proposing the following definition for the term "security support":

"A reasonable expectation of a predictable, effective response to a new security risk."

Alignment with the efforts of the OpenEoX TC is a priority, and CISA welcomes any feedback re: the proposed definition from the TC.

justmurphy added the tc-discussion (Further TC discussion is needed) label Oct 17, 2024