Improving the Nation's Cybersecurity
In May of 2021, President Joe Biden released an Executive Order (EO) on improving the nation’s cybersecurity. This EO directs Federal agencies to develop new security requirements for software vendors selling into the U.S. government. This has already had a major impact on global software development processes and lifecycles, even for organizations that do not sell into the Federal government.
Guides & Resources
Supply Chain Security Guidance
Guidance on the President's recent Executive Order on Improving the Nation's Cybersecurity and its impact on supply chain security for software and firmware developers and IoT device manufacturers.
SBOM Minimum Requirements
The NTIA has released SBOM minimum elements. Finite State experts discuss the technical and logistical challenges in meeting them.
NIST defines "critical software"
Finite State General Counsel Eric Greenwald discusses the effects on software and device vendors, even if they don't sell to the Federal government.
Finite State Platform Datasheet
See how the Finite State Platform can help your organization meet product security standards and requirements.
Important Milestones for EO 14028
President Biden issues Executive Order 14028
This is a monumental shift that had an immediate impact on global software development processes and lifecycles.
NIST Defines "Critical Software"
The first step was for NIST to determine which critical elements needed to be addressed first. This definition is expected to expand, and some agencies have discretion to require standards for components and systems that they themselves deem critical.
NTIA issues minimum elements for SBOM
This was the first step in determining what must be included in one of the EO's most critical initiatives: the Software Bill of Materials.
OMB requires agencies to comply with NIST Guidance for critical software
The EO directs NIST to issue guidance on security measures for critical software, and further directs the Office of Management and Budget (OMB) to require agencies to comply with that guidance.
NIST will issue preliminary guidance for enhancing software supply chain security
This will be a major step in setting standards for the future of software and device supply chain security.
Supply Chain Guidance
Gain insight into how to prepare for the new supply chain security standards resulting from Executive Order 14028.