Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

This page is no longer being updated and the information may be out of date.

Security Measures for “EO-Critical Software” Use

Publishing guidance that outlines security measures for critical software use – including applying practices of least privilege, network segmentation, and proper configuration – is one of NIST’s assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028). NIST considered extensive input from the public via a call for position papers and workshop and has worked closely with the Cybersecurity & Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) in producing this guidance.

The security measures for "EO-Critical Software" Use are also included in a NIST white paper.

EO critical software timeline

Questions about this guidance should be directed to: swsupplychain-eo [at] nist.gov (swsupplychain-eo[at]nist[dot]gov)

Created July 8, 2021, Updated July 8, 2026
Was this page helpful?