On May 12, 2021, President Biden issued an executive order to strengthen U.S. cybersecurity defenses. The order comes in the wake of the ransomware attack on Colonial Pipeline and numerous other cybersecurity attacks against the U.S. government and private companies over the past few years. The order proposes a wide array of changes to bolster the federal government’s ability to respond to and prevent cybersecurity attacks. The major sections of the order are highlighted below:
Removing Barriers to Sharing Threat Information – IT and OT service providers contracting with the federal government will be required to share data and information related to cybersecurity breaches that could impact U.S networks. The order requires review and updates to the Federal Acquisition Regulation (FAR) and agency-specific cybersecurity requirements to meet this goal.
Modernizing Federal Government Cybersecurity – Agencies will be required to modernize their approach to cybersecurity. The order imposes requirements to reach this modernization goal, including: (a) requiring all agencies to develop a plan for implementing Zero Trust Architecture (an approach to network security that focuses on user authentication and limiting access on a need-to-know basis), (b) requiring agencies and the Director of OMB to develop a federal cloud security strategy, and (c) requiring agencies to adopt multi-factor authentication and encryption for data at rest and in transit (to the maximum extent possible under applicable laws).
Enhancing Software Supply Chain Security – After receiving input from the federal government, private sector, academia and others, the Director of the National Institute of Standards and Technology (NIST) will develop guidelines to enhance the security of commercial software. Once such guidelines are put in place, agencies will only be allowed to purchase software that meets the guidelines. Software suppliers will have to “self ..
Support the originator by clicking the read the rest link below.
