Want to Start an OSPO
The Cybersecurity and Infrastructure Security Agency (CISA) has released a roadmap. Objective 3.2 is to develop open source program office guidance for federal agencies:
Objective 3.2. Develop Open Source Program Office Guidance For Federal Agencies.
Open source program offices (OSPOs) have emerged in industry, civil society, and academia as a way to manage an organization’s OSS operations, including supporting the responsible usage of OSS and facilitating contributions back to OSS. CISA will develop open source program office (OSPO) best practice guidance for federal agencies and other entities who wish to implement OSPOs. CISA will support federal agencies who are interested in piloting OSPOs.
The OSPO at CMS is contributing to this guidance, which should serve as a model for other federal agencies starting an OSPO.
There are many Executive Orders and federal memos that encourage the use of OSPOs and open source software, such as:
- Executive Order on Improving the Nation’s Cybersecurity
- Government Policies for Open Source Software
- NIST Software Security in Supply Chains: Open Source Software Controls
TODO Group OSPO 101 Training Information
The TODO Group includes information on how to start an OSPO here.