Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Software Supply Chain: Executive Order

Improving the Nation's Cybersecurity: NIST’s Responsibilities under the Executive Order

Overview:

The President’s Executive Order on Improving the Nation’s Cybersecurity (14028) issued on May 12, 2021, charges multiple agencies – including the National Institute of Standards and Technology (NIST)  with enhancing the security of the software supply chain. Section 4 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying or developing standards, tools, best practices, and other guidelines to assist software developers in enhancing software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal government’s procurement of software. These will address: critical software, secure software development lifecycle, security measures for federal government, and requirements for testing software. 

The EO assigns additional responsibilities to NIST, including two pilot labeling programs related to software and the Internet of Things (IoT) to inform consumers about the security of their products. These programs will be addressed in other forums. 

Contacts