[Bug Infrastructure/29629] New: Does the server need to meet NIST SP 800-53?

public inbox for overseers@sourceware.org
 help / color / mirror / Atom feed

From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: overseers@sourceware.org
Subject: [Bug Infrastructure/29629] New: Does the server need to meet NIST SP 800-53?
Date: Wed, 28 Sep 2022 12:48:11 +0000	[thread overview]
Message-ID: <bug-29629-14326@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=29629

            Bug ID: 29629
           Summary: Does the server need to meet NIST SP 800-53?
           Product: sourceware
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Infrastructure
          Assignee: overseers at sourceware dot org
          Reporter: carlos at redhat dot com
  Target Milestone: ---

This was raised at GNU Tools Cauldron 2022 in the discussions around increasing
secure supply chain requirements.

Do the upstream servers providing sources for projects need to meet
requirements like NIST SP 800-53?

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

Even if we don't need to meet the requirements, does meeting them help expand
the usage of FOSS for organizations that adopt the standards?

Note that github does meet a variety of NIST standards as part of their service
offerings:
https://government.github.com/fedramp-faq

Gitlab also provides projects with the ability to comply with various NIST
standards:
https://about.gitlab.com/blog/2022/03/29/comply-with-nist-secure-supply-chain-framework-with-gitlab/

-- 
You are receiving this mail because:
You are the assignee for the bug.

next             reply	other threads:[~2022-09-28 12:48 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-28 12:48 carlos at redhat dot com [this message]
2022-09-28 13:14 ` [Bug Infrastructure/29629] " fche at redhat dot com
2022-10-06 17:59 ` mark at klomp dot org
2022-10-14 17:28 ` fche at redhat dot com
2022-10-21 13:25 ` fche at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-29629-14326@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=overseers@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).