<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Lunch and learn: How to comply with mandatory government cybersecurity requirements impacting open source

Margot van den Broek
by Margot van den Broek
on September 6, 2023

Don't miss the latest from Tidelift

If your organization has any contracts with the U.S. government, then you probably already know that the government has recently begun taking actions to improve cybersecurity that impact organizations selling software to the government. What you may not yet know is that many of the requirements also apply to the open source components organizations are using in the software they sell to the government. 

Here’s a quick recap of some of the most important government actions to improve cybersecurity. It all started with White House cybersecurity executive order 14028; then came…

  • NIST guidance on securing the software supply chain (February, 2022)
  • NIST Secure Software Development Framework (SSDF), SP 800218
  • NIST Software Supply Chain Security Guidance Under Executive Order (EO) 14028 Section 4e
  • OMB Memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (September 2022)
  • White House National Cybersecurity Strategy (March 2023)
  • OMB M-23-16 updated guidance regarding M-22-18 requirements (June 2023)
  • White House National Cybersecurity Strategy Implementation Plan (July 2023)

Yep, it’s a lot like alphabet soup, we know. But good news! We’ve read and distilled the key takeaways from all those documents for organizations building applications with open source so you don’t have to.

Join us Thursday, September 14 at 1 p.m. ET for a lunch and learn where Tidelift CEO and co-founder, Donald Fischer, will talk through how these government cybersecurity initiatives impact the third party open source software you pull into your applications, because, spoiler alert: that code will need to comply with government regulations, too. And soon, because compliance deadlines are approaching quickly.

After Donald gives you the download on what you need to know, Tidelift solutions architect Larry Copeland will give you a demo on how Tidelift can help your team comply with these government regulations so your organization can avoid putting government contracts at risk.

RSVP now

And to keep your brain nourished as you prepare for these upcoming regulations and deadlines, we’ll send everyone who registers AND attends a gift card for a free lunch on Tidelift.

Tidelift guide to gov't cybersecurity requirements