Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SOFTWARE SECURITY IN THE BROADER SUPPLY CHAIN: EO 14028, Section 4(d)

Published

Author(s)

Jon M. Boyens

Abstract

The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO acknowledges the increasing number of software security risks throughout the supply chain. Federal departments and agencies become exposed to cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open source software components). Mitigating these types of risks throughout the supply chain is a cornerstone goal of the EO, with Sections 4(c), and 4(d) focusing exclusively on the critical sub-discipline of Cybersecurity Supply Chain Risk Management (C-SCRM) from the lens of federal acquirers. This guidance informs the acquisition, use, and maintenance of third-party software and services for agencies' information technology (IT), Cybersecurity Supply Chain Risk Management (C-SCRM) Program Management Office, acquisition/procurement, and other functions in response to Section 4(c) and 4(d) of Executive Order (EO) 14028.
Citation
NIST Response to EO14028 Improving the Nation's Cybersecurity

Keywords

acquire, C-SCRM, cybersecurity supply chain, cybersecurity supply chain risk management, information and communication technology, risk management, supplier, supply chain, supply chain risk assessment, supply chain assurance, supply chain risk, supply chain security, software supply chain security

Citation

Boyens, J. (2022), SOFTWARE SECURITY IN THE BROADER SUPPLY CHAIN: EO 14028, Section 4(d), NIST Response to EO14028 Improving the Nation's Cybersecurity, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934803, https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity (Accessed May 27, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created May 5, 2022, Updated April 18, 2024