Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Federal Agencies Must Use National Cybersecurity Framework and Report
What it does
Agencies must use the NIST cybersecurity Framework and submit risk management reports to the Secretary of Homeland Security and the Director of the Office of Management and Budget within 90 days.
Real-world impact
- Requires agencies to document and report cybersecurity risks and mitigation choices within 90 days.
- Pushes agencies toward modernizing IT and preferring shared services like email and cloud.
- Creates new assessment and reporting duties that may affect agency budgets and planning.
Topics
Summary
This order requires federal agencies to manage cybersecurity risk using the National Institute of Standards and Technology framework and to provide risk management reports to the Secretary of Homeland Security and the Director of the Office of Management and Budget within 90 days. Agency leaders will be held accountable and must align cybersecurity with their planning and budgets.
The order also directs support and reporting for owners of critical infrastructure, pushes federal IT modernization and shared services, and calls for workforce development and international cooperation on cyber threats.
Questions, answered
Ask questions about this executive order and its implications. Try:
- “What agencies are affected by this order?”
- “How does this order change existing policy?”
- “What are the practical implications of this order?”