NIST Releases ‘Critical Software’ Definition for US Agencies


The National Institute of Standards and Technology has published its definition of what “critical software” means for the U.S. federal government, as the standards agency begins fulfilling some of the requirements laid out in President Biden’s executive order on cybersecurity.

This is the first deliverable, which will then allow CISA to create security rules around how government agencies buy and deploy software on federal networks. While the goal is to stop supply chain threats, the list is broad and may include just about any software in use.

Critical software is defined as software or software dependencies that contain at least one of the following attributes:

  • Software that is designed to run with elevated privilege or manage privileges;
  • Software that has direct or privileged access to networking or computing resources;
  • Software that is designed to control access to data or operational technology;
  • Software that performs a function critical to trust;
  • Or software that operates outside of normal trust boundaries with privileged access.

This definition includes operating systems, web browsers, hypervisors, endpoint security tools, identity and access management applications, network monitoring tools and other products, according to NIST. If the software is deployed ONLY in a test environment and not on production systems, it would be outside of the scope of this definition.

Is this list going to be helpful, or will it simply be too broad to manage? And what about the risks of internally developed applications?

More to come.

Tracy Fox