United States of America: Measures to enhance supply chain security for critical software

Progress

Current status

adopted

24 Jun 2021 adopted

12 May 2021 adopted

Scope

Implementers

United States of America

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

software provider: other software

Government Branch

executive

Government Body

other regulatory body

central government

Implementation Level

national

Timeline of events

24 Jun 2021

adopted

NIST publishes definition for "critical software"

The National Institute of Standards and Technology (NIST) defines "critical software", as requested in May 2021 via the Executive Order on Improving the Nation's Cybersecurity (EO 14028). Per the Executive Order, the software products classified as …

Source

Event type order

Action type adoption

Government branch executive

Government body other regulatory body

12 May 2021

adopted

Executive Order calls for enhanced supply chain security in critical software

President Biden seeks to enhance the security of the critical software supply chain via Executive Order 14028. In section 4, the President diagnoses a lack of transparency and insufficient precautions against cybersecurity attacks in commercial soft…

Source

Event type order

Action type adoption

Government branch executive

Government body central government

Progress

Scope

Timeline of events

NIST publishes definition for "critical software"

Executive Order calls for enhanced supply chain security in critical software

Related changes

United States of America: SEC Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

United States of America: Joint Resolution providing for Congressional Disapproval of SEC Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (S.J.Res 50)

United States of America: United States National Cybersecurity Strategy 2023

United States of America: Department of Homeland Security third review on Cloud Security

United States of America: Office of Management and Budget Security Rules for Federal Government Software Suppliers outlining cybersecurity standards

United States of America: 2023 Department of Defense Cyber Strategy

United States of America: CISA, NSA and ODNI Guidance for Customers on Securing the Software Supply Chain

United States of America: SEC rules on enhancing and standardising cybersecurity risk management

United States of America: Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States

United States of America: NSA Network Infrastructure Security Guidance

United States of America: FCC Inquiry into Vulnerabilities of Internet Global Routing System

United States of America: Export ban measures in US Information Security Controls of Cybersecurity Items

United States of America: CISA Advisory on Russian State-Sponsored Cyber Threats to US Critical Infrastructure