genrefa.blogg.se - Description of application software categories

#Description of application software categories verification
#Description of application software categories code

Operating systems for servers, desktops, and mobile devices.Software that establishes or manages access and control of hardware resources (bare metal or virtualized/ containerized) and provides common services such as access control, memory management, and runtime execution environments to software applications and/or interactive users

Operating systems, hypervisors, container environments

Foundational for ensuring that only authorized users, systems, and devices can obtain access to sensitive information and functions.

Identity provider and federation services.

Software that centrally identifies, authenticates, manages access rights for, or enforces access decisions for organizational users, systems, and devices Identity, credential, and access management (ICAM) As noted previously, CISA will provide the authoritative list of software categories at a later date. This table is provided to illustrate the application of the definition of EO-critical software to the scope of the recommended initial implementation phase described above. The table below provides a preliminary list of software categories considered to be EO-critical.

software components in operational technology (OT).

software components in boot-level firmware or.

#Description of application software categories code

software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software.Subsequent phases may address other categories of software such as: NIST recommends that the initial EO implementation phase focus on standalone, on-premises software that has security-critical functions or poses similar significant potential for harm if compromised. Other use cases, such as software solely used for research or testing that is not deployed in production systems, are outside of the scope of this definition. The definition applies to software of all forms (e.g., standalone software, software integral to specific devices or hardware components, cloud-based software) purchased for, or deployed in, production systems and used for operational purposes. operates outside of normal trust boundaries with privileged access.performs a function critical to trust or,.is designed to control access to data or operational technology.has direct or privileged access to networking or computing resources.is designed to run with elevated privilege or manage privileges.A pointer to that information will be provided here when available.įinally, there is a set of FAQs at the bottom of the page that provides answers to questions that may arise about the interpretation of the definition, the phased approach, and other related topics.ĮO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes: At a later date, CISA will provide the authoritative list of software categories that are within the scope of the definition and to be included in the initial phase of implementation. Following that is a table with a preliminary list of software categories recommended for the initial phase along with some explanatory material. This section provides the definition of EO-critical software. Workshops on Cybersecurity Labeling of Consumer Products.Consumer Cybersecurity Labeling Pilots: The Approach and Contributions.Cybersecurity Labeling for Consumers Expand or Collapse.

#Description of application software categories verification

Recommended Minimum Standard for Vendor or Developer Verification of Code.

Software Verification Expand or Collapse.

Security Measures for EO-Critical Software Use.

Security Measures for Critical Software Use Expand or Collapse.

Critical Software Definition Expand or Collapse.

Software Cybersecurity for Producers and Purchasers.

Additional Existing Industry Standards, Tools, and Recommended Practices.

Evolving Standards, Tools, and Recommended Practices Expand or Collapse.

Attesting to Conformity with Secure Software Development Practices.

Software Cybersecurity for Producers and Users Expand or Collapse.

EO-Critical Software and Security Measures for EO-Critical Software.

Software Security in Supply Chains Expand or Collapse.

Software Supply Chain Security Guidance Expand or Collapse.