Policy

NIST seeks public input on proposed consumer software labeling scheme

The institutes will accept public comments on the draft document before 16 December.

November 2, 2021

(NIST photo)

The National Institutes of Standards and Technology is calling for feedback from experts and industry in response to proposals for a draft consumer software labeling framework.

In a draft document published on Monday, the department outlined baseline criteria for a possible new assessment regime, which could require software manufactures to attest to the cybersecurity of their products.

Publication of the new draft guidelines comes amid an increase in the cybersecurity arrangements of federal technology contractors, including with the launch of an enforcement push by the Department of Justice to pursue companies that fail to disclose accurate details of their cybersecurity posture.

The National Institutes of Standards and Technology (NIST) has issued recommendations for the launch of a voluntary cybersecurity assurance framework, as required by the Biden Administration’s cybersecurity executive order, which was published in May.

As part of the software labeling proposals, manufacturers could have to provide assurances about a range of specific aspects of the software production process, including how the company adheres to accepted secure development practices and data protection measures that it follows.

The criteria are so far based on suggestions that have already been submitted by the public through a position paper, a workshop, and multiple discussions with interested stakeholders.

NIST is seeking public comments on the draft document by Dec. 16, which will then be used to inform a final version that will be published either on or before Feb. 6 next year.

Commenting on the draft proposals, NIST computer scientist and co-author the document Michael Ogata said: “We are establishing criteria for a label that will be helpful to consumers. The goal is to raise consumers’ awareness about the various security needs they might have and to help them make informed choices about the software they purchase and use.”

In its publication of the draft, NIST emphasized that it will not directly run any such labeling regime and that adhering to the program will be voluntary for software providers.

NIST seeks public input on proposed consumer software labeling scheme

More Like This

GSA welcomes nominations for advisory committee focused on federal transparency efforts

Federal CIO calls on Congress to fund Technology Modernization Fund

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Top Stories

Security flaws in IRS systems pose risk to financial statements, GAO says

DHS launches safety and security board focused on AI and critical infrastructure

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

Scientists must be empowered — not replaced — by AI, report to White House argues

GSA taps Login.gov deputy director to take top role next month

More Scoops

Cybersecurity executive order requirements are nearly complete, GAO says

NIST seeks public input on its AI executive order requirements

NIST to seek input on White House strategy for emerging tech standards development

NIST takes next step in studying feasibility of mobile driver’s licenses

NIST publishes expanded draft of key cybersecurity framework

White House fleshes out plan for agencies to collect software vendor attestation forms

CISA issues draft attestation form for government software providers

Latest Podcasts

NIST seeks public input on proposed consumer software labeling scheme

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition