Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Measures for “EO-Critical Software” Use

Publishing guidance that outlines security measures for critical software use – including applying practices of least privilege, network segmentation, and proper configuration – is one of NIST’s assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028). NIST considered extensive input from the public via a call for position papers and workshop and has worked closely with the Cybersecurity & Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) in producing this guidance.

The security measures for "EO-Critical Software" Use are also included in a NIST white paper.

EO critical software timeline

Questions about this guidance should be directed to: swsupplychain-eo [at] nist.gov (swsupplychain-eo[at]nist[dot]gov)

Created July 8, 2021, Updated July 9, 2021
Was this page helpful?