Cybersecurity

NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:

Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners

Notice Requesting Comments on Competition in the Mobile App Ecosystem

April 21, 2022

The Executive Order on Promoting Competition in the American Economy directs the Department of Commerce, in consultation with the Attorney General and the Chair of the Federal Trade Commission (FTC), to conduct a study of the mobile application (app) ecosystem, and submit a report to the Chair of the White House Competition Council, regarding findings and recommendations for improving competition, reducing barriers to entry, and maximizing user benefit with respect to the ecosystem. Through this Request for Comment, NTIA is requesting comments on competition in the ecosystem in which mobil

Topics

Cybersecurity

Request for Comments on Competition in the Mobile App Ecosystem

April 21, 2022

Docket Number

NTIA-2022-0001

NTIA is requesting comments on competition in the mobile application ecosystem. The data gathered through this process will be used to inform the Biden-Harris Administration’s competition agenda, including, but not limited to, the Department of Commerce’s work developing a report to submit to the Chair of the White House Competition Council regarding the mobile application ecosystem.

Topics

Cybersecurity

Marking the Conclusion of NTIA’s SBOM Process

April 9, 2022

In 2018, NTIA launched its Multistakeholder Process on Software Component Transparency, bringing together an active, engaged community to formulate and establish a software bill of materials (SBOM) – a nested inventory that makes up the “ingredients list” for software.

The stakeholders in our process initially focused on defining the problem: the what, the why, and the how of software component transparency. They established common, consensus definitions, and emphasized the importance of a "baseline" SBOM.

Experts from the healthcare and medical device community stepped up early in the process to demonstrate that this idea was both feasible and useful for their industry. They launched the first SBOM "proof of concept," sharing their experiences, successes, and challenges in public documentation from which the broader community could learn.

Next, the community shifted its efforts to jumping technical hurdles, as well as identifying existing tools and gaps in the ecosystem.

They emphasized a mantra of "crawl, then walk, then run" to promote adoption across the ecosystem. They developed videos to help educate the public.

Along the way, what was an obscure idea became a key part of the global agenda around securing software supply chains.

Topics

Cybersecurity