Today the White House announced the signing of an executive order focused on strengthening the cybersecurity of federal networks, critical infrastructure, and the US public.
As part of its focus on increasing the security of federal networks, the executive order states that all agencies will be held accountable for “implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.”
Additionally, each federal agency will be required to “use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.”
Agencies have 90 days to provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB). The report is required to document the choices made by the agency for risk mitigation, providing the “strategic, operational, and budgetary considerations that informed those choices;” and “any accepted risk, including from unmitigated vulnerabilities.” Each agency is also required to submit an action plan for implementing the NIST Framework.
Homeland Security and the Office of Management and Budget are also charged with conducting regular audits to evaluate risk and determine whether there is adequate budget to meet that risk.