The Biden administration’s cybersecurity executive order mandates that the National Institute of Standards and Technology (NIST) define what constitutes “critical software” NIST released a preliminary list of software categories within the scope of this definition. The EO stipulates that NIST’s definition “must reflect the level of privilege or access required to function, integration and dependencies with other software, direct access to networking and computing resources, potential for harm if compromised” The hope is that the federal government’s “power of the purse” would spill over to the private sector because most major software suppliers sell to both public and private sector customers.”]