Improving the Nation's Cybersecurity
In May of 2021, President Joe Biden released an Executive Order (EO) on improving the nation’s cybersecurity. This EO directs Federal agencies to develop new security requirements for software vendors selling into the U.S. government. This has already had a major impact on global software development processes and lifecycles, even for organizations that do not sell into the Federal government.
Guides & Resources
Important Milestones for EO 14028
President Biden issues Executive Order 14028
This was a monumental shift that had an immediate impact on global software development processes and lifecycles.
NIST Defines "Critical Software"
The first step was for NIST to determine which critical elements needed to be addressed first. This definition is expected to expand, and some agencies have discretion to require standards for components and systems that they themselves deem critical.
NTIA issues minimum elements for SBOM
This was the first step in determining what must be included in one of the EO's most critical initiatives: the Software Bill of Materials.
OMB requires agencies to comply with NIST Guidance for critical software
The EO directs NIST to issue guidance on security measures for critical software, and further directs the Office of Management and Budget (OMB) to require agencies to comply with that guidance.
NIST will issue preliminary guidance for enhancing software supply chain security
This will be a major step in setting standards for the future of software and device supply chain security.
Supply Chain Guidance
Gain insight into how to prepare for the new supply chain security standards resulting from Executive Order 14028.