BalkansCat/istockphoto The National Institute of Standards and Technology met crucial obligations laid out for it in a May 12 executive order with the publication of documents recommending minimum standards for the verification and use of software in the federal government.

The order was created in response to hackers infiltrating government contractor SolarWinds to distribute malware to thousands of victims, including federal agencies, through what seemed to be a legitimate software update from the IT management firm. The attackers also exploited weak passwords and authentication controls to move further within victim systems.

NIST was tasked with identifying security measures for the use of critical software and recommending minimum standards for software vendors to test their products before offering them to the government by July 11 and issued a bulletin linking to the documents on July 9. NIST was also responsible for defining ‘critical software .’

The ball now moves to the court of […]