Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Headline: Federal Agencies Must Use National Cybersecurity Framework and Report
What it does: Agencies must use the NIST cybersecurity Framework and submit risk management reports to the Secretary of Homeland Security and the Director of the Office of Management and Budget within 90 days.
- Requires agencies to document and report cybersecurity risks and mitigation choices within 90 days.
- Pushes agencies toward modernizing IT and preferring shared services like email and cloud.
- Creates new assessment and reporting duties that may affect agency budgets and planning.
Summary
This order requires federal agencies to manage cybersecurity risk using the National Institute of Standards and Technology framework and to provide risk management reports to the Secretary of Homeland Security and the Director of the Office of Management and Budget within 90 days. Agency leaders will be held accountable and must align cybersecurity with their planning and budgets.
The order also directs support and reporting for owners of critical infrastructure, pushes federal IT modernization and shared services, and calls for workforce development and international cooperation on cyber threats.
Ask about this order
Ask questions about this executive order and its implications.
What agencies are affected by this order?
How does this order change existing policy?
What are the practical implications of this order?