Publishing guidance that outlines security measures for critical software use – including applying practices of least privilege, network segmentation, and proper configuration – is one of NIST’s assignments to enhance the security of the software supply chain, as called for by the May 12, 2021, Presidential Executive Order on Improving the Nation’s Cybersecurity (14028). NIST considered extensive input from the public, gathered through a call for position papers and a workshop, and has worked closely with the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) in producing this guidance.
Questions about this guidance should be directed to: swsupplychain-eo [at] nist.gov