Added resources discussed today on call. #10
stevespringett committed May 28, 2020
1 parent 14693cf commit baef989
Showing 1 changed file with 17 additions and 11 deletions.
28 changes: 17 additions & 11 deletions en/0x91-Appendix-B_References.md
Expand Up @@ -4,20 +4,26 @@ The following resources may be useful to users and adopters of this standard:

## OWASP Projects

* OWASP Packman: [https://github.com/OWASP/packman](https://github.com/OWASP/packman)
* OWASP Software Assurance Maturity Model (SAMM): [https://owasp.org/www-project-samm/](https://owasp.org/www-project-samm/)
* [OWASP Packman](https://github.com/OWASP/packman)
* [OWASP Software Assurance Maturity Model (SAMM)](https://owasp.org/www-project-samm/)


## Others

* InnerSource: [https://www.oreilly.com/library/view/adopting-innersource/9781492041863/ch01.html](https://www.oreilly.com/library/view/adopting-innersource/9781492041863/ch01.html)
* Cybersecurity Maturity Model Certification (CMMC): [https://www.acq.osd.mil/cmmc/](https://www.acq.osd.mil/cmmc/)
* NIST 800-53: [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft)
* NIST 800-171: [https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final)
* NTIA Documents on Software Bill of Materials: [https://www.ntia.doc.gov/SBOM](https://www.ntia.doc.gov/SBOM)
* [InnerSource](https://www.oreilly.com/library/view/adopting-innersource/9781492041863/ch01.html)
* [Cybersecurity Maturity Model Certification (CMMC)](https://www.acq.osd.mil/cmmc/)
* [NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf)
* [NIST 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pdf)
* [NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final)
* [NTIA Documents on Software Bill of Materials](https://www.ntia.doc.gov/SBOM)
* [Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk](https://www.eei.org/issuesandpolicy/Documents/EEI%20Law%20-%20Model%20Procurement%20Contract%20Language%20(Version%202)_031919.pdf)
* [Guide on Cybersecurity Procurement Language in Task Order Requests for Proposals for Federal Facilities](https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-28661.pdf)
* [Energy Sector Control Systems Working Group (ESCSWG)](https://www.energy.gov/sites/prod/files/2014/04/f15/CybersecProcurementLanguage-EnergyDeliverySystems_040714_fin.pdf)


## SBOM Formats

* CycloneDX: [https://cyclonedx.org/](https://cyclonedx.org/)
* SPDX: [https://spdx.org/](https://spdx.org/)
* SPDX XML: [https://spdx-ccm.specchain.org/xsdccm/home](https://spdx-ccm.specchain.org/xsdccm/home)
* ISO/IEC 19770-2:2015 (SWID): [https://www.iso.org/standard/65666.html](https://www.iso.org/standard/65666.html)
* [CycloneDX](https://cyclonedx.org/)
* [SPDX](https://spdx.org/)
* [SPDX XML](https://spdx-ccm.specchain.org/xsdccm/home)
* [ISO/IEC 19770-2:2015 (SWID)](https://www.iso.org/standard/65666.html)
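
Review bot: The last new entry under "Others" uses the working group's name, "Energy Sector Control Systems Working Group (ESCSWG)", as its link text, while every other entry in the list is labelled with the title of the document or project it points to. The URL's file name (CybersecProcurementLanguage-EnergyDeliverySystems) indicates a procurement-language document, so the label should name that document and mention ESCSWG only as its author. Separately, the NIST 800-53 entry moves from the rev-5 draft landing page to a direct NIST.SP.800-53r4.pdf link, and the 800-161 entry is also a direct PDF, while 800-171 still points to a csrc.nist.gov landing page for rev-2. Stating the revision in the link text (for example "NIST 800-53 Rev. 4") and linking landing pages consistently would tell readers which revision the standard references and keep the links useful when a revision is superseded.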
