NIST today fulfilled two of its assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028).
That Executive Order (EO) charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.
Having defined critical software last month, NIST today published guidance outlining security measures for critical software use after consulting with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB).
NIST also published guidelines recommending minimum standards for vendors’ testing of their software source code after consulting with the National Security Agency (NSA) as required under the EO.
Both deliverables were due by July 11, 2021, and were based on extensive public input through a workshop and call for papers.
Questions about the new documents or other projects called for by the EO should be directed to: swsupplychain-eo [at] nist.gov (swsupplychain-eo[at]nist[dot]gov).