A Look Back at the Executive Order on Cybersecurity

It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. Among other things, these requirements include security testing in the development process and a software bill of materials for the open-source libraries in use, so that known vulnerabilities are disclosed and can be tracked in the future.
The Executive Order – put into motion following the cyberattacks on government agencies through software from SolarWinds and Microsoft – calls on the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to establish the security initiatives necessary to meet the requirements in a given timeframe.
As we’ve seen over the past twelve months, NIST has met most of the timelines. So far, NIST has:
Defined critical software
Published guidance outlining security measures for critical software
Published guidelines…