Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Issues Guidance on Software, IoT Security and Labeling

Executive Order on Improving the Nation's Cybersecurity Image

The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021, charges multiple agencies – including NIST– with enhancing cybersecurity through initiatives related to the security and integrity of the software supply chain. Section 4 called for NIST to publish a variety of guidance that identifies practices to enhance software supply chain security, with references to standards, procedures, and criteria. The EO also directed NIST to initiate two labeling programs related to the Internet of Things (IoT) and software to inform consumers about the security of their products.

NIST solicited position papers, requested public feedback on draft documents, hosted virtual workshops, consulted with other federal agencies, and reviewed existing federal guidance (more details about these efforts can be found HERE). Today, NIST is announcing the release of five new documents called for in the EO:

Software Security Practices

Software Security Labeling 

More information and details about these efforts can be found on our Executive Order 14028 website. Questions or inquiries can be directed to swsupplychain-eo [at] nist.gov (swsupplychain-eo[at]nist[dot]gov).

Released February 4, 2022