New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well. NIST's release of best practices carries out a mandate in President Joe Biden's May executive order on cybersecurity, which, in part, called for agencies to address supply chain threats, such as that posed by the SolarWinds incident