Verification of Software

From IDESG Wiki
Latest revision as of 16:11, 17 August 2021

Full Title or Meme

Recommended Minimum Standards for Vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028 - PDF Version

Context

  • Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors’ source code testing.

    Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).

Tasks and Timelines

  1. 2021-06-29 Publish definition of "critical software"
  2. 2021-07-11 Publish guidance outlining security measures for critical software (vendor testing of SW source code)
  3. 2021-11-08 Publish preliminary guidelines
  4. 2022-02-06 Issue guidance identifying practices that enhance security of software.
  5. 2022-05-08 Publish guidelines with review/update procedures.
  6. 2022-05-13 Review and submit summary report of pilot programs

