NIST has fulfilled two of its multiple assignments to enhance the security of the software supply chain. The assignments were called for by the May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028), which charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.
Having defined critical software last month, NIST published guidance outlining security measures for critical software after consulting with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB). NIST also published guidelines recommending minimum standards for vendors’ testing of their software source code after consulting with the National Security Agency (NSA).
Questions about the new documents or other projects called for by the EO should be directed to: swsupplychain-eo@nist.gov.