OMB issues initial instructions for 'critical software' protection
- By Adam Mazmanian
- Aug 11, 2021
Agencies now have guidance on securing critical software, as required by the Biden administration’s May executive order on cybersecurity.
The Aug. 10 memo from Office of Management and Budget acting Director Shalanda Young builds off the National Institute of Standards and Technology’s definition of critical software, which focuses on software that has high-level authority to manage computing and network operation and configuration, provide identity credential and access management or otherwise operates at a high level of privilege.
While NIST’s definition applies to standalone software, software embedded in devices and software in the cloud, OMB’s first round of implementation of the guidance targets only on-premise or standalone software, the new memo states.
The memo also starts a 60-day clock for agencies to report on their critical software inventories and a one-year timeline for implementing security measures as called for by NIST to safeguard critical software.
The May executive order also set out a number of other deliverables that are due on or about Aug. 10. That includes the issuance by OMB of a federal cloud security strategy that serves as a guide to the risks of cloud adoption and the deployment of zero trust architectures. Similarly, the Cybersecurity and Infrastructure Security Agency was tasked with issuing a cloud security technical reference architecture to support secure cloud migration.
Additionally, the Department of Homeland Security was asked to weigh in on whether its cyber operators can hunt for threats on civilian federal networks without prior approval from individual agencies.
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.