SKILL BENCHMARK

CSSLP: Secure Software Supply Chain Competency (Intermediate Level)

  • 15 minutes
  • 15 questions
The Secure Software Supply Chain Competency benchmark measures your knowledge of pedigree and provenance verification and of the support and delivery aspects of the acquisition process. You will be evaluated on your skills in applying compliance auditing, vulnerability response and reporting, supplier sourcing challenges, best practices for various controls, SLAs, support structures, and product deployment and configuration management. A learner who scores high on this benchmark demonstrates the skills necessary to apply best practices for supply chain security and software acquisition.

Topics covered

  • analyze security for third-party software
  • assess a security track record
  • describe code repository security
  • describe how to securely interconnect and share systems
  • distinguish between different security trade-offs in supplier sourcing
  • distinguish between the two rules SLAs should provide
  • identify best practices for vendor technical integrity controls
  • recognize cryptographically hashed or digitally signed components
  • recognize how to assess information systems security policy compliance
  • recognize how to assess software engineering and SDLC approaches
  • recognize how to audit security policy compliance
  • recognize how to perform vulnerability/incident response and reporting
  • recognize how to verify secure transfers
  • recognize maintenance and support structures such as community vs. commercial
  • recognize product deployment and sustainment controls such as upgrades, secure configuration, custom code extensions, operational readiness, and GPL requirements