[Bug Infrastructure/29629] New: Does the server need to meet NIST SP 800-53?

carlos at redhat dot com sourceware-bugzilla@sourceware.org
Wed Sep 28 12:48:11 GMT 2022


https://sourceware.org/bugzilla/show_bug.cgi?id=29629

            Bug ID: 29629
           Summary: Does the server need to meet NIST SP 800-53?
           Product: sourceware
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Infrastructure
          Assignee: overseers at sourceware dot org
          Reporter: carlos at redhat dot com
  Target Milestone: ---

This was raised at GNU Tools Cauldron 2022 in the discussions around increasing
secure supply chain requirements.

Do the upstream servers providing sources for projects need to meet
requirements like NIST SP 800-53?

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

Even if we don't need to meet the requirements, does meeting them help expand
the usage of FOSS for organizations that adopt the standards?

Note that github does meet a variety of NIST standards as part of their service
offerings:
https://government.github.com/fedramp-faq

Gitlab also provides projects with the ability to comply with various NIST
standards:
https://about.gitlab.com/blog/2022/03/29/comply-with-nist-secure-supply-chain-framework-with-gitlab/

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Overseers mailing list