[Bug Infrastructure/29629] New: Does the server need to meet NIST SP 800-53?
carlos at redhat dot com
sourceware-bugzilla@sourceware.org
Wed Sep 28 12:48:11 GMT 2022
https://sourceware.org/bugzilla/show_bug.cgi?id=29629
Bug ID: 29629
Summary: Does the server need to meet NIST SP 800-53?
Product: sourceware
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: Infrastructure
Assignee: overseers at sourceware dot org
Reporter: carlos at redhat dot com
Target Milestone: ---
This was raised at GNU Tools Cauldron 2022 in the discussions around increasing
secure supply chain requirements.
Do the upstream servers providing sources for projects need to meet
requirements like NIST SP 800-53?
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Even if we don't need to meet the requirements, does meeting them help expand
the usage of FOSS for organizations that adopt the standards?
Note that github does meet a variety of NIST standards as part of their service
offerings:
https://government.github.com/fedramp-faq
Gitlab also provides projects with the ability to comply with various NIST
standards:
https://about.gitlab.com/blog/2022/03/29/comply-with-nist-secure-supply-chain-framework-with-gitlab/
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Overseers
mailing list