The National Institute of Standards and Technology (NIST) hosted a virtual workshop on June 2 and 3, 2021 as part of its obligations under the Executive Order on Improving the Nation’s Cybersecurity, which we previewed in a recent post. The order was signed by President Biden on May 12, 2021, and directs the Secretary of Commerce to consult with a range of stakeholders, including representatives of the private and public sectors as well as academia. The goal of this consultation is to identify standards, tools, and best practices for enhancing software supply chain security. The initial application will be the enhancement and modernization of the federal government’s software procurement practices and procedures.
The virtual workshop hosted more than 1,400 participants, and a call for position papers issued before the workshop yielded more than 150 submissions. Vigilant Ops submitted a position paper on two of the order’s requirements: deploying automated tools that continuously check for vulnerabilities, and maintaining accurate, up-to-date information about third-party software components.
Some important dates from the Executive Order:
- July 12, 2021
  - minimum set of elements for a Software Bill of Materials (SBOM) published
  - guidance outlining security measures for critical software published
- February 12, 2022
  - Secretary of Commerce will issue guidance that will require:
    - providing an SBOM to purchasers of products
    - maintenance of third-party software components
    - deployment of automated security tools
    - and others…
In summary, the executive order imposes sweeping requirements across many areas of the federal government. For guidance on how to interpret those requirements so that you can begin preparing your organization, download our healthcare-specific guide, How to Prepare for the Cybersecurity Executive Order.