NIST Releases ‘Critical Software’ Definition for US Agencies

AMI Advance Manufacturing International, Inc. company logo

As part of Biden’s executive order published on May 12, federal agencies are now required to reexamine their approach to cybersecurity, which includes developing new ways to evaluate the software that departments buy and deploy as well as embracing modern approaches to security such as embracing “zero trust” and using multifactor authentication and encryption (see: Biden’s Cybersecurity Executive Order: 4 Key Takeaways). As one of the first deliverables to fulfill the executive order, NIST was required to develop a definition of critical software within 45 days of the order being issued. From this point on, the U.S. Cybersecurity and Infrastructure Agency will use the definition to publish a list of software products that fall under the new definition, which will then allow CISA to create new security rules for how government agencies buy and deploy software within federal networks. By focusing first on what critical software means for federal government agencies, the executive order is looking to curtail the type of supply chain threats that organizations face, such as the attack that targeted SolarWinds and users of the company’s Orion network monitoring tool.

Related Posts

About Us
AMI, Inc. it’s a nonprofit organization with a clear mission – to accelerate the digital transformation of small & medium manufacturers.

Let’s Socialize

Popular Post