NIST Will Do Gap Analysis Before Creating Software Standards for Executive Order (AP Photo/Brennan Linsley) email May 26, 2021 The Government Accountability Office told lawmakers enforcement, through expanded reporting, of agencies’ supply chain security activity is “the thing that has to happen.” The National Institute of Standards and Technology will first take stock of work they’ve already done and may not ultimately develop new standards to meet its obligations under an executive order issued in May responding to a string of major breaches into federal and critical infrastructure networks. “Our preliminary look at fulfilling the requirements within the executive order will be to identify existing guidance or even specifics within existing guidance that we can call out and consolidate for use by the agencies,” said Matthew Scholl, chief of the Computer Security Division at NIST’s Information Technology Laboratory. “We want to identify and cite work that exists, rather than create new work.”