NIST defines “critical software” under US executive order

The National Institute of Standards and Technology (NIST) has published a definition of “critical software” after a Presidential Executive Order (EO). EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:

  • is designed to run with elevated privilege or manage privileges;
  • has direct or privileged access to networking or computing resources;
  • is designed to control access to data or operational technology;
  • performs a function critical to trust; or,
  • operates outside of normal trust boundaries with privileged access.

The definition applies to software of all forms (e.g., standalone software, software integral to specific devices or hardware components, cloud-based software) purchased for, or deployed in, production systems and used for operational purposes. Other use cases, such as software solely used for research or testing that is not deployed in production systems, are outside of the scope of this definition.
