Date Published: November 1, 2021
Comments Due: December 16, 2021 (public comment period is CLOSED)
Email Questions to: labeling-eo@nist.gov
This draft document advances assignments to NIST in Sec. 4 (s) of Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity” related to cybersecurity labeling for consumer software. It complements a similar document addressing cybersecurity-related consumer labeling for Internet of Things (IoT) products. The criteria in this document are based on extensive input offered to NIST in a September 2021 workshop and position papers submitted to NIST, along with the agency’s research and discussions with organizations and experts from the public and private sector. In accordance with the EO, NIST plans to produce a final version of these criteria by February 6, 2022.
NIST seeks comments on all aspects of the criteria contained in this draft document, including:
None selected
Publication:
Draft Baseline Criteria (pdf)
Supplemental Material:
Comments received
Consumer Software Criteria page
NIST news article
Document History:
11/01/21: Other (Draft)
02/04/22: CSWP 23 (Final)