The President’s Executive Order on Improving the Nation’s Cybersecurity (14028) issued on May 12, 2021, charges multiple agencies – including the National Institute of Standards and Technology (NIST) – with enhancing the security of the software supply chain. Section 4 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying or developing standards, tools, best practices, and other guidelines to assist software developers in enhancing software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal government’s procurement of software. These will address: critical software, secure software development lifecycle, security measures for federal government, and requirements for testing software.
The EO assigns additional responsibilities to NIST, including two pilot labeling programs related to software and the Internet of Things (IoT) to inform consumers about the security of their products. These programs will be addressed in other forums.
Enhancing Software Supply Chain Security:
Responses to Call for Position Papers on Standards and Guidelines