Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Software Supply Chain Security Guidance

Software is a critical component of the larger challenge of managing cybersecurity related to supply chains. Section 4 of the EO directs NIST to solicit input from the private sector, academia, government agencies, and others and to identify existing or develop new standards, tools, best practices, and other guidelines to enhance software supply chain security. Those guidelines are to include: 

  • criteria to evaluate software security,  
  • criteria to evaluate the security practices of the developers and suppliers themselves, and 
  • innovative tools or methods to demonstrate conformance with secure practices. 

Based on more than 150 responses to a call for position papers, multiple workshops, and responses to draft documents, NIST has produced a series of guidance resources.

NIST Tasks and Timeline for EO 14028 Section 4
Created November 9, 2021, Updated May 5, 2022