Loading...

Like many websites, BSA’s websites use cookies to ensure the efficient functioning of those websites and give our users the best possible experience. You can learn more about how we use cookies, and how you can change your browser's cookie settings, in our cookies statement. By continuing to use this site without changing your cookie settings, you consent to our use of cookies.

X

Cybersecurity

JUL 08, 2021 | US

NIST Defines ‘Critical Software,’ Implications to Follow

Government Technology, July 8, 2021

By Jule Pattison-Gordon

The White House likely expects forthcoming EO-critical security standards to ripple out to the wider software landscape, beyond just government procurements, according to Henry Young, who previously worked at NIST and now is director of policy at the Software Alliance (BSA), a US-headquartered international software industry advocacy group. The idea is that vendors working for the federal government will simply follow these rules for all their products, making safer products more easily available to everyone.

Should security rules be too rigid, however, vendors might instead create compliant products for the federal government and less secure alternative versions to sell to the general public, Young told GT. He did not see significant risks of this happening, he said.

Aaron Cooper, BSA vice president of Global Policy, told GT that the security requirements NIST settles on will need to be flexible enough to ensure the guidance stays relevant and useful for the long term. Overly prescriptive rules may make sense for the present day but won’t keep up as technology and risks evolve.

For example, a hypothetical policy requiring software verify users via four-digit PINs would be wise 20 years ago but become a liability if it were still in place today, because it would prevent use of biometric or multifactor authentication, Cooper said.

Read More >>

Original Posting: https://www.govtech.com/security/nist-defines-critical-software-implications-to-follow

ABOUT BSA

BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.

With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.

MEDIA CONTACTS

Michael O’Brien

Email: [email protected]

For Media Inquiries

Email: [email protected]

MEDIA CONTACTS

Media Inquiries

Email: [email protected]

MEDIA CONTACTS

Media Inquiries

Email: [email protected]

CONTACTO DE PRENSA

Media Inquiries

Email: [email protected]

RELATED CONTENT

US: BSA Comments on Department of Commerce Request for Comments on Proposed Rule on Significant Malicious Cyber-Enabled Activities

BSA appreciates the opportunity to provide comments on the Department of Commerce’s BIS' Notice of Proposed Rulemaking to implement aspects of the E.O. on Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities.

Policy Filing | Apr 25, 2024

EU: BSA Joint Industry Statement on the EU Cyber Certification Scheme (EUCS)

In the context of the ongoing discussions on the EU Cyber Certification Scheme (EUCS), the signatories, representing leading organizations, support the recent changes made to the EUCS draft.

Policy Filing | Apr 11, 2024