NIAP Addresses U.S. Executive Orders, Memorandums, and Policies: SBOM, Cloud, and Zero Trust (B11c)
NIAP is actively examining and integrating emerging technologies in alignment with U.S. Executive Orders and Memorandums, adapting to the evolving security landscape. This talk will provide a comprehensive overview of its plans across various areas, including the introduction of a Software Bill of Materials (SBOM) for the Application Software cPP, which enables vendors to submit SBOMs for tracking vulnerabilities. The discussion extends to updates in vulnerability handling procedures and to the implications for the cloud environment, where considerations about Security Functional Requirements (SFRs), Security Assurance Requirements (SARs), and assumptions will be explored with respect to NIAP’s MDM Protection Profile. The talk will also highlight NIAP’s strategic incorporation of Zero Trust principles into Protection Profiles.