Executive Order 14306 -– Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144

NIST’s Responsibilities Under Executive Order 14306

NIST is directly responsible for several actions in the EO, summarized below:

Operationalizing Transparency and Security in Third-Party Software Supply Chains

• Develop and publish an update to the Secure Software Development Framework (SSDF).
• Establish a consortium with industry to develop guidance that demonstrates the implementation of secure software development, security, and operations practices based on the SSDF.
• Update NIST SP 800-53 to provide guidance on how to securely and reliably deploy patches and updates.

Securing Federal Communications

• Develop guidelines for the secure management of access tokens and cryptographic keys used by cloud service providers. 

Promoting Security with and in Artificial Intelligence

• Ensure that existing datasets for cyber defense research have been made accessible to the broader academic research community.

Aligning Policy to Practice

• Establish a pilot program of a rules-as-code approach for machine-readable versions of policy and guidance that OMB, NIST, and CISA publish and manage regarding cybersecurity.  

Relevant NIST Projects

• Software Supply Chain and DevOps Security Practices Project
• NIST Special Publication 800-53 Revision 5.1.1, Security and Privacy Controls for Information Systems and Organizations
   

Latest Updates

Credit: NIST