NIST’s Responsibilities under the Executive Order
May 17, 2021
Improving the Nation's Cybersecurity: NIST’s Responsibilities under the Executive Order
The President’s Executive Order on Improving the Nation’s Cybersecurity, issued on May 12, 2021, charges multiple agencies – including the National Institute of Standards and Technology (NIST) – with enhancing the security of the software supply chain. Section 4 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying or developing standards, tools, best practices, and other guidelines to assist software developers in enhancing software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal government’s procurement of software. They will address critical software, the secure software development lifecycle, security measures for the federal government, and requirements for testing software.
The EO assigns additional responsibilities to NIST, including two pilot labeling programs related to software and the Internet of Things (IoT) to inform consumers about the security of their products. These programs will be addressed in other forums.
NIST will also host a virtual workshop on June 2-3, 2021. The workshop agenda will focus on sharing NIST’s plans to develop the software-related standards and guidelines called for by the EO, as well as on receiving and discussing information and ideas about the approach that NIST should consider in developing those standards and guidelines.