NIST publishes definition for ‘critical software’ mandated in Biden cyber executive order

The National Institute of Standards and Technology has issued a definition for “critical software” based on public feedback and input from federal partners, starting a process outlined in President Biden’s May cyber executive order to determine how government will create software security requirements for contractors.

The definition is included in a NIST white paper released today that explains the agency’s approach and provides a “preliminary list of software categories considered to be EO-critical.” NIST held a workshop on June...