CONTACT
    US-Seal

    EO Resource Center

    Section 4: Supply Chain

    Section Overview

    Section 4 establishes baseline security standards for developing software—especially critical software—that is sold to government, including requiring developers to have greater visibility into their software and making security data publicly available. This section also creates a public-private process to develop new and innovative approaches for secure software development, helps the government use its buying power to ensure software security standards are met, and creates a pilot program where products have labels confirming they were developed securely.

    Eo Section Section-4

    The National Institute of Standards and Technology (NIST) will develop federal guidelines for software security. These guidelines will include standards, procedures, or criteria covering:

    1. Securing software development environments
    2. Generating and providing artifacts that demonstrate conformance
    3. Ensuring code integrity with automation or comparable tools/processes
    4. Using automation or comparable tools/processes to regularly check for known and potential vulnerabilities and remediate them
    5. Participating in a vulnerability disclosure program
    Executive Order Sections
    Section 1: Policy
    Section 2: Threat Info-Sharing
    Section 3: Modernization
    Section 4: Software Supply Chain
    Section 5: Cyber Safety Review Board
    Section 6: IR Playbooks
    Section 7: Threat Detection
    Section 8: Investigation & Remediation
    Section 9: National Security Systems
    Section 10: Definitions
    Section 11: General Provisions

    Do you have questions about the Executive Order’s requirements

    Request Information

    There is power in strong partnerships.

    Learn more about our best-in-class solutions for Executive Order Requirements.