CISA, NSA and npm Release Software Supply Chain Guidance
Best practices are designed to help developers bolster security
The National Security Agency (NSA) is a U.S. intelligence authority whose guidance supports cybersecurity defense and cryptographic practice.
Search across headline titles and summaries.
Background for this topic.
NSA is the U.S. National Security Agency, responsible chiefly for signals intelligence (SIGINT)—collecting and analyzing foreign electronic communications and other signals—and for cybersecurity of U.S. national security systems. Its cybersecurity work includes cryptography, secure communications, technical standards and guidance, and coordinated advisories about threats and vulnerabilities. The tag may also cover the agency’s intelligence authorities and disclosures.
For practitioners, NSA advisories can provide threat indicators, exploit details, mitigations, and hardening advice, but their scope and authority matter: many recommendations target classified or other national-security systems rather than ordinary enterprise environments, and are not automatically legal or regulatory requirements. NSA activities can also raise privacy and governance questions around surveillance, vulnerability handling, and access to sensitive systems. Organizations should validate applicability, prioritize mitigations through vulnerability management, and protect NSA-derived threat intelligence and cryptographic guidance from unauthorized disclosure.
Best practices are designed to help developers bolster security
From hero to zero-day ... to plain zero Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.…
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain. [...]
The group's main goal is to monitor foreign adversaries who may interfere with elections