Search Icon White
cyber nist news

NIST Issues Call for Papers on Cybersecurity Labeling Programs for Consumers

7/30/2021

Submissions are due by August 17, 2021

The American National Standards Institute (ANSI) encourages its stakeholders to respond to the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) request for submissions on suggestions and feedback on the challenges and practical approaches to consumer software labeling. Responses, due by August 17, will help NIST to carry out one of its multiple assignments in Executive Order (EO) 14028, Improving the Nation’s Cybersecurity.

Part of the May 2021 EO directs NIST to initiate two labeling efforts – informed by existing consumer product labeling programs – to educate the public on the cybersecurity capabilities of Internet-of-Things (IoT) devices and software development practices.

NIST specifically requests one- to two-page submissions providing suggestions and feedback on the challenges and practical approaches to consumer software labeling, especially:

  • formal and informal processes and practices used to secure the software development process;
  • technical criteria needed to support validation of consumer software security assertions that reflect a baseline level of secure practices;
  • how different conformity assessment approaches (e.g., vendor attestation, third-party conformity assessment) can be employed in consumer software labeling pilots;
  • consumer product labeling programs for educating the public on the security properties of consumer software;
  • feasibility and possible means for implementing tiered labels that reflect increasingly comprehensive levels of testing and assessment; and
  • measures for incentivizing participation by consumer software developers.

Stakeholders are invited to respond to the call for papers, comment on a forthcoming draft white paper, and participate in a virtual NIST workshop to be held on September 14–15, 2021, 11:00 a.m. – 4:00 p.m. ET, which will include panel discussions and presentations based on submissions.

NIST submissions can be directed to [email protected] no later than August 17, 2021. Access more detailed information via NIST.

Recent Efforts to Support Cybersecurity

In July 2021, as part of its response to meet criteria in the EO to support cybersecurity efforts, NIST published a definition of "critical software" and published comments received in response to its Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines.

Access related news:

NIST Publishes Definition of Critical Software in Response to Cybersecurity Executive Order

NIST Requests Information to Help Develop an AI Risk Management Framework

CONTACT

Jana Zabinski

Director, Communications and Public Relations

Phone:
212.642.8901

Email:
[email protected]

Beth Goodbaum

Journalist/Communications Specialist

Phone:
212.642.4956

Email:
[email protected]