Executive Order on Improving the Nation’s Cybersecurity


On May 12, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” to support our nation’s cybersecurity and protect the critical infrastructure and Federal Government networks underlying our nation’s economy and way of life.

Executive Order Key Points

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
    • The EO ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information.
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
    • The EO helps move the Federal Government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period.
  • Improve Software Supply Chain Security
    • The EO will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available.
    • It also creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely.
  • Establish a Cyber Safety Review Board
    • The EO establishes a Cyber Safety Review Board, co-chaired by government and private sector leads, with the authority to convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. This board is modeled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.
  • Create a Standard Playbook for Responding to Cyber Incidents
    • The EO creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat, and it will serve as a template for the private sector to use in coordinating response efforts.
  • Improve Detection of Cybersecurity Incidents on Federal Government Networks
    • The EO improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response (EDR) system and improved information sharing within the Federal Government.
  • Improve Investigative and Remediation Capabilities
    • The EO creates cybersecurity event log requirements for federal departments and agencies to improve an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact.

CISA’s Role in the EO

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
    • CISA will work with OMB to recommend contract language that makes sharing critical data easier, including breach notification thresholds and frameworks, and requires implementation of improved security measures across federal contractors.
    • CISA and our interagency partners will also develop procedures for ensuring that cyber incident reports are shared quickly among federal agencies, enabling faster response.
  • Modernizing and Implementing Stronger Cybersecurity Standards across the Federal Government
    • Cloud security is critical to the security of our federal networks. To improve our cloud security, CISA will support efforts ranging from developing a federal cloud security strategy and a cloud service governance framework to refining the process for coordination and collaboration on cybersecurity and incident response for cloud technology to foster better understanding of roles and responsibilities as well as visibility.
    • CISA will also work with the General Services Administration (GSA) and OMB to modernize the Federal Risk and Authorization Management Program (FedRAMP) to help agencies implement a standardized approach to cybersecurity that takes into account the rapidly changing threat landscape and facilitates agility in solution adoption.
    • Stronger cybersecurity standards must be built in at all levels of an agency’s planning. Through the EO, CISA will use its authority to drive adoption of multifactor authentication and encryption for data at rest and in transit within six months, and will also work with NIST as they develop an initial list of secure software development lifecycle standards for software purchased by the Federal Government and minimum testing requirements for software source code.
  • Improve Software Supply Chain Security
    • Recent incidents have highlighted the importance of the integrity of our software supply chain. The EO directs CISA to leverage our organic expertise to assist NIST in not only developing criteria for designating “critical software” and guidelines for required security measures for all software used by the Federal Government, but in also facilitating a national dialogue on the security of software used by federal agencies because strong cybersecurity is truly a collective effort.
    • We will assist the Department of Commerce in the development of a software bill of materials requirement for products eligible for federal procurement and provide support to the FAR Council in developing regulations for the procurement of software for the Federal Government.
    • Finally, CISA will build on our deep experience to assist the Federal Trade Commission in developing pilot programs to provide guidance and tools to the public on the security of internet of things (IoT) devices and software development practices.
  • Establish a Cyber Safety Review Board
    • CISA will support the establishment of the Cyber Incident Review Board. The Board will review actions related to the Federal Government cybersecurity incidents and related supply chain compromise activity and provide the Secretary of Homeland Security with recommendations for improving cybersecurity and incident response practices.
  • Create a Standard Playbook for Responding to Cyber Incidents
    • Being prepared and formalizing a standardized plan for how the Federal Government responds to cyber incidents will continue to improve the speed and efficiency with which we can respond to cyberattacks. The EO directs CISA to develop an interagency playbook to lay out actions to be taken and specific roles and responsibilities across the interagency.
  • Improve Detection of Cybersecurity Incidents on Federal Government Networks
    • Early detection of anomalous activity on a federal network means that we can assess the activity immediately, investigate the cause, share information, and activate a response sooner. Under the improve detection pillar of the EO, CISA will work with agencies to provide additional insight for the Continuous Diagnostics and Mitigation (CDM) Program; continue the implementation of the persistent cyber hunt, detection, and response capability that was authorized in the most recent National Defense Authorization Act; and work with OMB to ensure that new EDR efforts are adequately resourced and implemented across agencies.
  • Improve Investigative and Remediation Capabilities
    • Understanding the anatomy of an incident is critical to understanding how to mitigate its impacts and how to stop future attacks that could use the same tactics, techniques, and procedures.
    • CISA will support OMB in developing and issuing a policy requiring logging, log retention, and log management across federal agencies to improve visibility across the federal landscape.
    • Building on the need for increased visibility into the movements in and out of federal networks, CISA will also work with OMB to design and facilitate the implementation of EDR tools, funded in part by the American Rescue Plan (ARP).

Section 3(c)(ii): Cloud Security Technical Reference Architecture

CISA, in collaboration with the United States Digital Service (USDS) and FedRAMP, developed the Cloud Security Technical Reference Architecture (TRA) in accordance with Section 3(c)(ii) of the Executive Order 14028. As the Federal Government continues to transition to the cloud, this TRA will be a guide for agencies to leverage when migrating to the cloud securely. The document explains considerations for shared services, cloud migration, and cloud security posture management.

Zero Trust Maturity Model

Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” pushes agencies to adopt zero trust cybersecurity principles and adjust their network architectures accordingly. To help this effort, the Cybersecurity and Infrastructure Security Agency (CISA) developed a Zero Trust Maturity Model to assist agencies as they implement zero trust architectures. The maturity model complements the Office of Management and Budget’s (OMB) Zero Trust Strategy, which is designed to provide agencies with a roadmap and resources to achieve an optimal zero trust environment.

CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The maturity model, which includes five pillars and three cross-cutting capabilities, is based on the foundations of zero trust. The maturity model assists agencies in the development of their zero trust strategies and implementation plans and presents ways in which various CISA services can support zero trust solutions across agencies.
