Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Delivers Two Key Publications to Enhance Software Supply Chain Security Called for by Executive Order

NIST today fulfilled two of its assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028).

That Executive Order (EO) charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.

Having defined critical software last month, NIST today published guidance outlining security measures for critical software use after consulting with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB).

NIST also published guidelines recommending minimum standards for vendors’ testing of their software source code after consulting with the National Security Agency (NSA) as required under the EO.

Both deliverables were due by July 11, 2021, and were based on extensive public input through a workshop and call for papers.

Questions about the new documents or other projects called for by the EO should be directed to: swsupplychain-eo [at] (swsupplychain-eo[at]nist[dot]gov).

Released July 9, 2021