This is the day 8 article of the LayerX Tech Advent Calendar 2024.
I am @ken5scal, working in the LayerX Fintech division (seconded to Mitsui & Co. Digital Asset Management (MDM)), where I am responsible for security, infrastructure, corporate IT, help desk, governance and compliance engineering, and more.
Last time, we looked at the cybersecurity-related executive orders issued by the first and second Obama administrations (tech.layerx.co.jp).
This time, I introduce the executive orders of the first Trump administration and of the Biden administration as of now.
First Trump administration (2017-2020)
EO 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017)
Despite the major change of administration, interest in cybersecurity did not decline. This stance shows clearly in the order's instruction to the head of each federal agency: within 90 days, report to the Secretary of Homeland Security and the Office of Management and Budget (OMB) on risk mitigation, risk acceptance and response measures, as part of risk management based on the NIST CSF (Cybersecurity Framework).
In addition, the order makes agency heads explicitly responsible for leading risk management and calls for the modernization of federal IT, among other measures.
Although this order said little about the supply chain, CSF version 1.1, the upgrade that the order prompted, added a stronger emphasis on the importance of supply chain risk management and a section on Self-Assessing Cybersecurity Risk.
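What Is NIST SP800-171? An Explanation of the U.S. Department of Defense Information Management Rules That Japan's Ministry of Defense Took as a Model | ビジネス+IT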
EO 13833: Enhancing the Effectiveness of Agency Chief Information Officers (2017)
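This order gives concrete instructions for the federal IT modernization mentioned in the previous executive order. By putting each federal agency's CIO in charge of IT modernization and of ensuring cybersecurity, it strengthens the CIO's authority and responsibility.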
EO 13870: America's Cybersecurity Workforce (2019)
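To address the shortage of cybersecurity professionals, this order aims to promote cybersecurity education and training in schools, universities, vocational training programs and elsewhere, and to develop a cybersecurity workforce that has both skills and diversity. It also requires outcome metrics to be developed and reported, so that the effort is followed through.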
EO 13873: Securing the Information and Communications Technology and Services Supply Chain (2019)
This order was issued to strengthen supply chain security from the national security side of information and communications technology and services. In 2019, the United States declared a national emergency on the grounds that the supply chain was exposed to threats from hostile foreign actors (including cyber-enabled actors). The order made it possible to define, review and prohibit the types of transactions associated with those actors.
EO 13942: Addressing the Threat Posed by TikTok, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain (2020)
Based on Executive Order 13873, this order banned the use of TikTok on the grounds that the Chinese Communist Party could gain access to the private information of U.S. citizens and censor posted content.
EO 13943: Addressing the Threat Posed by WeChat, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain
Likewise, this order banned WeChat based on Executive Order 13873.
Biden administration (2021-2024)
In general, not much changed from the first Trump administration. There is only one new cybersecurity-related executive order, but EO 14028, which grew out of the 2021 SolarWinds incident, has had a very large impact.
EO 14028: Improving the Nation's Cybersecurity
This executive order matters because, in the context of the software supply chain, it focuses on the integrity of "critical software".
Although the specific intrusion paths differ, the compromises that made headlines between 2021 and 2024, such as SolarWinds (Orion), Okta, log4j and XZ Utils, have one thing in common: each was a crisis in the ecosystem that makes up software services.
Because the safety and authenticity of the ecosystem as a whole will matter more than ever, I believe this executive order was inevitable.
On the other hand, it will likely take more time to turn what the order requires, including the operation of SBOMs, into concrete and effective implementations.
Note that although this order addresses the software supply chain, it does so in a national security context, so it is also referenced in orders on energy policy and overseas investigation such as EO 14081: Advancing Biotechnology and Biomanufacturing Innovation for a Sustainable, Safe, and Secure American Bioeconomy and EO 14083: Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States.
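How to survive from the second Trump administration onward
Together with the first part, we have now looked at roughly the past 15 years of executive orders. Over that period every administration appears to have followed its predecessor's policy, but what happens next is in fact unknown.
At this point, the Trump administration has declared that it will relax regulation of private business in the cybersecurity area. What this means in practice will not be known until concrete policies appear, but if the course is set as declared, some of the security-strengthening measures adopted so far (for example, mandatory incident reporting for critical infrastructure companies, Secure by Design, and corporate responsibility to provide logs) may be changed.
As people affected by the United States, we will want to watch closely how its cybersecurity strategy develops. For example, the term Secure by Design already appears in the Guidelines on Cybersecurity in the Financial Sector, so if it is rolled back we will have to work out our own interpretation.
Personally, I would like the supply chain protection that began with EO 14028 to continue, and in particular I can only hope that the trend of supporting OSS developers' security work, led by efforts such as the "GitHub Secure Open Source Fund", keeps moving forward.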