Internet of Things (IoT)

NIST Issues Guidance on Software, IoT Security and Labeling

    Posted Feb 04, 2022 01:48:00 PM
    Hi All,

    NIST Issues Guidance on Software, IoT Security and Labeling

    The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through initiatives related to security and integrity of the software supply chain. Section 4 called for NIST to publish a variety of guidance that identifies practices to enhance software supply chain security, with references to standards, procedures, and criteria. The EO also directed NIST to initiate two labeling programs related to the Internet of Things (IoT) and software to inform consumers about the security of their products.

    NIST solicited position papers, requested public feedback on draft documents, hosted virtual workshops, consulted with other federal agencies, and reviewed existing federal guidance. 

    Software Security Practices
    • Software Supply Chain Security Guidance Under Executive Order (EO) 14028 Section 4e
    • NIST Special Publication 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

    Software Security Labeling
    • Recommended Criteria for Cybersecurity Labeling of Consumer Internet of Things (IoT) Products
    • Recommended Criteria for Cybersecurity Labeling of Consumer Software


    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------