Verification of Software

From IDESG Wiki
Revision as of 16:11, 17 August 2021 by Tomjones (Talk | contribs) (References)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title or Meme

Recommended Minimum Standards for Vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028 - PDF Version


  • Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors’ source code testing.
    Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).

Tasks and Timelines

  1. 2021-06-29 Publish definition of "critical software"
  2. 2021-07-11 Publish guidance outlining security measures for security measures for coital software (vendor testing of SW source code)
  3. 2021-11-08 Publish preliminary guidelines
  4. 2022-02-06 Issue guidance identifying practice that enhance security of software.
  5. 2022-05-08 Publish guidelines with review/update procedures.
  6. 2022-05-13 Review and submit summary report of pilot programs