5 ways the U.S. government can get security right

OMB issues initial instructions for 'critical software' protection

Agencies now have guidance on securing critical software, as required by the Biden administration’s May executive order on cybersecurity.

The Aug. 10 memo from Office of Management and Budget acting Director Shalanda Young builds off the National Institute of Standards and Technology’s definition of critical software, which focuses on software that has high-level authority to manage computing and network operation and configuration, provide identity credential and access management or otherwise operates at a high level of privilege.

While NIST’s definition applies to standalone software, software embedded in devices and software in the cloud, OMB’s first round of implementation of the guidance targets only on-premise or standalone software, the new memo states.

The memo also starts a 60-day clock for agencies to report on their critical software inventories and a one-year timeline for implementing security measures as called for by NIST to safeguard critical software.

The May executive order also set out a number of other deliverables that are due on or about Aug. 10. That includes the issuance by OMB of a federal cloud security strategy that serves as a guide to the risks of cloud adoption and the deployment of zero trust architectures. Similarly, the Cybersecurity and Infrastructure Security Agency was tasked with issuing a cloud security technical reference architecture to support secure cloud migration.

Additionally, the Department of Homeland Security was asked to weigh in on whether its cyber operators can hunt for threats on civilian federal networks without prior approval from individual agencies.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected