The National Institute of Standards and Technology (NIST) is soliciting feedback on a draft document outlining a set of cybersecurity criteria for a consumer software labeling program in compliance with a cybersecurity executive order signed in May.
NIST said Monday it is seeking comments on the baseline of technical requirements or “attestations” for software and related label.
These attestations are claims about the security of software offerings and are classified into four categories in the document: descriptive; secure software development; critical cybersecurity attributes and capability; and data inventory and protection attestations.
“We are establishing criteria for a label that will be helpful to consumers,” said Michael Ogata, a NIST computer scientist and co-author of the draft document. “The goal is to raise consumers’ awareness about the various security needs they might have and to help them make informed choices about the software they purchase and use.”
Public comments on the Draft Baseline Criteria for Consumer Software Cybersecurity Labeling are due Dec. 16th. NIST will use the insights to inform the document’s final version set for release by Feb. 6th.
