NIST Delivers Two Key Publications to Enhance Software Supply Chain Security Called for by Executive Order

NIST today fulfilled two of its assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028).

That Executive Order (EO) charges multiple agencies – including NIST- with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.

Having defined critical software last month, NIST today published guidance outlining security measures for critical software use after consulting with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB).

NIST also published guidelines recommending minimum standards for vendors’ testing of their software source code after consulting with the National Security Agency (NSA) as required under the EO.

Both deliverables were due by July 11, 2021, and were based on extensive public input through a workshop and call for papers.

/Public Release. This material comes from the originating organization/author(s)and may be of a point-in-time nature, edited for clarity, style and length. The views and opinions expressed are those of the author(s).View in full here.