Tomjones: /* References */

2021-08-17T16:11:09Z

References

← Older revision		Revision as of 16:11, 17 August 2021
Line 4:		Line 4:
	==Context==		==Context==
	* Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors’ source code testing.<blockquote>Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).</blockquote>		* Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors’ source code testing.<blockquote>Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).</blockquote>

			==Tasks and Timelines==
			# 2021-06-29 Publish definition of "critical software"
			# 2021-07-11 Publish guidance outlining security measures for security measures for coital software (vendor testing of SW source code)
			# 2021-11-08 Publish preliminary guidelines
			# 2022-02-06 Issue guidance identifying practice that enhance security of software.
			# 2022-05-08 Publish guidelines with review/update procedures.
			# 2022-05-13 Review and submit summary report of pilot programs


	==References==		==References==

	[[Category: Standard]]		[[Category: Standard]]

Tomjones: Created page with "==Full Title or Meme== [https://www.nist.gov/document/document-developer-verification-software Recommended Minimum Standards for Vendor or Developer Verification (Testing) of..."

2021-08-17T16:00:26Z

Created page with "==Full Title or Meme== [https://www.nist.gov/document/document-developer-verification-software Recommended Minimum Standards for Vendor or Developer Verification (Testing) of..."

New page

==Full Title or Meme==
[https://www.nist.gov/document/document-developer-verification-software Recommended Minimum Standards for Vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028 - PDF Version]

==Context==
* Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors’ source code testing.<blockquote>Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).</blockquote>

==References==

[[Category: Standard]]

Verification of Software - Revision history

Tomjones: /* References */

Tomjones: Created page with "==Full Title or Meme== [https://www.nist.gov/document/document-developer-verification-software Recommended Minimum Standards for Vendor or Developer Verification (Testing) of..."