NIST: Cybersecurity EO Necessary to Drive Network Security
The EO, released in May, requires agencies to enact Biden’s plan to revamp the federal government’s cybersecurity under timelines as short as 30 days after the order’s signing.
NIST already accomplished two tasks under the directive: formulating a definition of critical software and developing security measures for those applications, Federal News Network reported Thursday.
The agency’s contributions served as the basis for a new memorandum from the Office of Management and Budget for securing on-premise federal software.
Per the OMB memo, agencies will be given 60 days to identify 12 types of on-premise critical software and another 12 months to apply software protections. A subsequent phase, slated to run for 12 more months, will follow once NIST expands its critical software list.
Kevin Stine, NIST’s chief cybersecurity adviser, believes that the directive is achievable despite the tight deadline.
“Over the next several months, we’re going to seek to improve and expand on these resources to really meet the specific requirements of the EO and really the needs of software developers and users,” Stine said at a National Security Telecommunications Advisory Committee meeting.
The NIST official went on to address industry concerns about the potential implementation of new compliance regimes for software protection.
According to Stine, NIST does not intend to establish such systems, nor does it plan to run its own third-party or testing and conformance program, as it would be difficult to scale such initiatives.