Today the National Institute of Standards and Technology (“NIST”) announced that it’s seeking public comment on a voluntary labeling program for software with security features. The initiative is meant to help software shoppers understand the security features of products they’re buying.
As a starting point, NIST published a document, formally titled Draft Baseline Criteria for Consumer Software Cybersecurity Labeling. Interested parties can provide comments to the draft up until Dec. 16, 2021 (by email to firstname.lastname@example.org) or the project’s website).
The guidance / project is part of NIST’s response to President Biden’s May 12, 2021, Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. The EO specifies that NIST “shall identify secure software development practices or criteria for a consumer software labeling program” (in other words, criteria that reflect a baseline level of cybersecurity and that focus on ease of use for consumers).
Now let’s just hope we won’t need a new standards document to interpret the labels themselves.