[KI-LC] Fwd: NIST Issues Definition of Critical Software Called for by Cybersecurity Executive Order

Andrew Hughes andrewhughes3000 at gmail.com
Fri Jun 25 16:11:22 UTC 2021


Of interest in the announcement: ICAM software is now within the definition
of "Executive Order - Critical" software.
I believe that this might result in an increase in interest in product
conformance to standards...

*Andrew Hughes *CISM CISSP
*In Turn Information Management Consulting*

o  +1 650.209.7542
m +1 250.888.9474
5043 Del Monte Ave., Victoria, BC V8Y 1W9
AndrewHughes3000 at gmail.com
<https://www.linkedin.com/in/andrew-hughes-682058a>
*Digital Identity | International Standards | Information Security *


---------- Forwarded message ---------
From: NIST Cybersecurity and Privacy Program <
csrc.nist at service.govdelivery.com>
Date: Fri, Jun 25, 2021 at 8:34 AM
Subject: NIST Issues Definition of Critical Software Called for by
Cybersecurity Executive Order
To: <andrewhughes3000 at gmail.com>


Cybersecurity Insights
NIST Issues Definition of Critical Software Called for by Cybersecurity
Executive Order


Fulfilling one of its assignments to enhance the security of the
software supply chain called for by a May 12, 2021, Presidential
Executive Order on Improving the Cybersecurity of the Federal
Government (14028), the National Institute of Standards and Technology
(NIST) today published a definition of “critical software.”

The executive order (EO) directs the Cybersecurity & Infrastructure
Security Agency (CISA) to develop a list of software categories
and products in use or in the acquisition process which meet this
definition of critical software.

To coordinate the definition with its eventual application, NIST solicited
position papers from the community, hosted a virtual workshop to gather
input, and consulted with CISA, the Office of Management and Budget (OMB),
the Office of the Director of National Intelligence (ODNI), and the
National Security Agency (NSA) to develop the definition, the concept of a
phased implementation, and a preliminary list of common categories of
software that would fall within the scope for the initial phase.
Additional guidance on applying this definition in implementing the EO will
be forthcoming from CISA and OMB.  NIST worked closely with CISA and OMB to
ensure that the definition and recommendations are consistent with their
plans.

NIST also has developed a table illustrating the application of the
definition of EO-critical software to the scope of the recommended initial
implementation phase.  CISA will provide the authoritative list of software
categories at a later date.

The specific definition of critical software is included in a NIST white
paper and on NIST’s website:
<https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/critical-software>.
The paper and website include frequently asked questions (FAQs) about the
definition which provide additional context.

*Questions about the definition or documents* should be directed to:
swsupplychain-eo at nist.gov.

