NIST Delivers on Two Key Publications to Enhance Software Supply Chain Security Called for by Executive Order
NIST today fulfilled two of its multiple assignments to enhance the security of the software supply chain called for by a May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028), which charges multiple agencies – including NIST– with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.
Having defined critical software last month, NIST today published guidance outlining security measures for critical software after consulting with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB). NIST also published guidelines recommending minimum standards for vendors’ testing of their software source code after consulting with the National Security Agency (NSA).
Both deliverables were due by July 11, 2021, and were based on extensive public input through a workshop and call for papers.
Questions about the new documents or other projects called for by the EO should be directed to: swsupplychain-eo@nist.gov.
|
