By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Bạn đang xem: Executive Order on Improving the Nation’s Cybersecurity
Policy
The United States is facing persistent and increasingly sophisticated malicious cyber campaigns that threaten the public and private sectors, as well as the security and privacy of the American people. The Federal Government must strengthen its efforts to identify, deter, and respond to these cyber threats. Additionally, the private sector must play a crucial role in adapting to the changing threat landscape and partnering with the Federal Government to ensure a more secure cyberspace.
Removing Barriers to Sharing Threat Information
The Federal Government contracts with IT and OT service providers, including cloud service providers, who have unique access to cyber threat and incident information. However, current contract terms may limit the sharing of such information with agencies responsible for investigating and remediating cyber incidents. To accelerate incident deterrence and response efforts, contractual barriers must be removed to enable effective defense of agency systems and information.
Within 60 days, the Director of the Office of Management and Budget (OMB) will review and recommend updates to the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement contract requirements and language for contracting with IT and OT service providers. The recommendations will ensure that service providers collect and preserve relevant data, share information with agencies, collaborate in investigations, and share cyber threat information.
Modernizing Federal Government Cybersecurity
Xem thêm : Eireview – Extractive Industries Review
To keep pace with the evolving cyber threat landscape, the Federal Government must modernize its approach to cybersecurity. This includes adopting security best practices, implementing Zero Trust Architecture, securing cloud services, and centralizing access to cybersecurity data for effective risk management. It is crucial to invest in technology and personnel to achieve these modernization goals.
Within 60 days, agency heads will update existing plans to prioritize the adoption of cloud technology and develop a plan to implement Zero Trust Architecture. This plan will incorporate the migration steps outlined by the National Institute of Standards and Technology (NIST) and identify activities with immediate security impact.
Enhancing Software Supply Chain Security
The security and integrity of software used by the Federal Government are vital to its critical functions. Commercial software development often lacks transparency and sufficient security controls, creating vulnerabilities. To address this, rigorous mechanisms must be implemented to ensure secure software products.
Within 30 days, the Secretary of Commerce, through the Director of the National Institute of Standards and Technology (NIST), will solicit input to identify or develop standards, tools, and best practices for software security compliance. Within 360 days, NIST will publish guidelines for enhancing software supply chain security.
Establishing a Cyber Safety Review Board
The Cyber Safety Review Board will be established to review and assess significant cyber incidents affecting Federal Civilian Executive Branch (FCEB) Information Systems. The Board’s membership will include Federal officials and representatives from private-sector entities. Recommendations from the Board will be provided to improve cybersecurity and incident response practices.
Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
Xem thêm : Eireview: Exploring the Latest Technology Trends
Standardized response procedures are necessary to ensure coordinated and centralized incident response activities across agencies. Within 120 days, the Secretary of Homeland Security, in consultation with other relevant authorities, will develop a standard set of operational procedures (playbook) to be used by FCEB agencies. The playbook will incorporate NIST standards and articulate progress through all phases of incident response.
Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
The Federal Government must maximize early detection of cybersecurity vulnerabilities and incidents on its networks. FCEB agencies will deploy an Endpoint Detection and Response (EDR) initiative for proactive detection and response activities. Recommendations for implementing the EDR initiative will be provided within 30 days, and requirements for adoption will be issued within 90 days.
Improving the Federal Government’s Investigative and Remediation Capabilities
Agencies and their IT service providers must collect and maintain network and system logs for effective investigation and remediation of cybersecurity incidents. Within 14 days, recommendations will be provided for requirements on logging events and retaining relevant data. Agencies will establish or update Memoranda of Agreement (MOA) with the Cybersecurity and Infrastructure Security Agency (CISA) to ensure access to relevant data for analysis and threat-hunting purposes.
National Security Systems
The Department of Defense and agencies in the Intelligence Community will adopt cybersecurity requirements equivalent to or exceeding those set forth in this order for Federal Civilian Executive Branch (FCEB) Information Systems. National Security Systems requirements will be codified in a National Security Memorandum.
Definitions
Several definitions are provided in this order to clarify terms used, including “auditing trust relationship,” “cyber incident,” “Federal Information Systems,” and “Zero Trust Architecture,” among others.
General Provisions
This order does not impair the authority granted by law to executive departments or agencies, nor does it alter the functions of the Director of the Office of Management and Budget. The order shall be implemented in a manner consistent with applicable law and subject to the availability of appropriations.
Joseph R. Biden Jr.
The White House, May 12, 2021
Nguồn: https://eireview.org
Danh mục: Technology
