United States of America: NIST publishes definition for "critical software"

The National Institute of Standards and Technology (NIST) defines "critical software", as requested in May 2021 via the Executive Order on Improving the Nation's Cybersecurity (EO 14028). Per the Executive Order, the software products classified as "critical software" shall become subject to federal agencies' guidance on encryption, authentification and monitoring software operation. The NIST definition classifies software as "critical" according to five criteria described in the publication. Furthermore, a closer collaboration between the government and private sector is targeted, with an information-sharing system set up to increase protection from cyber threats. Finally, a Cybersecurity Safety Review Board is to be created.