MITRE

MITRE’s System of Trust (SoT) is a recently announced framework for evaluating suppliers, supplies, and service providers, with the aim of mitigating software supply chain attacks. MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, helped inform the SoT.

NIST

With its creation spurred by executive order 16025, the NIST SSDF is a framework designed to help ensure the integrity of critical software infrastructure. While compulsory for federal agencies, the framework may be applied by any government, private, public, or non-profit organization.

Google SLSA

Google SLSA, announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. A FedRAMP report covers a company’s security controls and their operating effectiveness.