Stakeholders urge NIST to avoid overly prescriptive approach to ‘critical software’ under Biden order

The initial deadline under President Biden’s cyber executive order, requiring NIST to define “critical software” as a first step toward establishing standards, should provide a starting point for a government-industry collaboration that avoids overly prescriptive mandates from federal officials, according to stakeholders.

McAfee’s Kent Landfield said NIST should leverage its existing work and materials developed by industry to meet the “critical software” definition deadline and subsequent work to develop guidance.

Landfield, at a Thursday NIST workshop, noted that the agency’s...