Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Measures for “EO-Critical Software” Use

Publishing guidance that outlines security measures for critical software use – including applying practices of least privilege, network segmentation, and proper configuration – is one of NIST’s assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028). NIST considered extensive input from the public via a call for position papers and workshop and has worked closely with the Cybersecurity & Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) in producing this guidance.

The security measures for "EO-Critical Software" Use are also included in a NIST white paper.

EO critical software timeline

Questions about this guidance should be directed to: swsupplychain-eo [at] (swsupplychain-eo[at]nist[dot]gov)

Created July 8, 2021, Updated July 9, 2021