What is “critical software”?
- Jun 17, 2021 2:15 am GMT
From my point of view (i.e. the only completely unbiased point of view I know of – and I can judge that point since I’m unbiased), the biggest question mark about the May 12 Executive Order is “What is critical software?” This is important, because the requirements for software suppliers in section (e) of Section 4 apply to critical software (although the EO is somewhat vague on whether or not only critical software is in scope).
The EO orders NIST to develop a definition of that term (paragraph (g) of Section 4, pages 15-16), but then very helpfully goes on to say what the definition should include: “definition shall reflect the level of privilege or access required to function, integration and dependencies with other software, direct access to networking and computing resources, performance of a function critical to trust, and potential for harm if compromised.” And not only that, but the EO had already defined critical software as “software that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources).”