In an effort to improve consumers’ ability to make informed decisions about software they purchase, NIST has drafted a set of cybersecurity criteria for consumer software. The criteria are intended to aid in the development and voluntary use of labels to indicate that the software incorporates a baseline level of security measures.
The document, Draft Baseline Criteria for Consumer Software Cybersecurity Labeling, forms part of NIST’s response to the May 12, 2021, Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. The EO specifies that NIST “shall identify secure software development practices or criteria for a consumer software labeling program” — criteria that reflect a baseline level of cybersecurity and that focus on ease of use for consumers.
Comments on the draft document are due by December 16, 2021, and can be emailed to [email protected]. Please submit comments along with the submitter’s name and organization, and use the subject “Draft Consumer Software Labeling Criteria." All comments will be published on the project's website.
See related news
Feedback Sought: NIST Issues Second Draft of Cybersecurity Supply Chain Risk Management Practices
Every Click Counts: Are You Doing Your Part To Be Cyber Smart?