Published on September 16th, 2022
White House Announces Stricter Cybersecurity Guidelines and Rules
The White House, on Wednesday, released new cybersecurity guidelines to provide details on the executive order signed by President Biden in May of last year.
The guidelines are based on the Cybersecurity and Infrastructure Security Agency's (CISA) recommendations and findings. The White House's statement mentions these guidelines will help ensure protection and enhance security of the software supply chain to government agencies and entities.
The statement from the White House points out three important developments moving forward:
- The National Institute of Standards and Technology (NIST) will be responsible for software accreditation.
- Private vendors selling software to state and federal entities and agencies must have accreditation.
- Agencies must ensure inventorying of all software in 90 days. Further, accreditation for critical and non-critical software must be furnished within 270 and 365 days, respectively.
However, the perception of the big, slow bureaucracy is making it harder to believe that public agencies and companies will be able to adopt these cybersecurity regulations and best practices in three months.
But the Biden-Harris Administration is adamant about sticking to its cybersecurity goals. It has no plans to offer any agency quarter on the matter.
Doubling Down on the May 12th Executive Order
Last year's executive order signed by President Biden was a key step in modernizing cybersecurity in the federal government. With the rise in cyberattacks, this move was crucial for strengthening the country's cyber defenses.
The administration recognizes that most cyberattacks against federal agencies have come from unaffiliated sources. Moreover, the new legislation also aims to protect against attacks from adversarial nations such as China, mentioned as one of the instigators of such attacks in the past.
The policy views cybersecurity as the top priority. It seeks to improve prevention, detection, assessment, and remediation of cyberattack cases.
Additionally, the goal is to remove communication barriers and improve information sharing between agencies and entities. The government will set up systems to ease communication and information-sharing between the Intelligence Community (IC), CISA, and the FBI, as well as other agencies and departments relevant to the nation's cybersecurity.
Further, the executive order also plans to modernize cybersecurity for the federal government. The Zero-Trust Architecture and other similar methods would ensure the stability and security of the cybersecurity systems.
Enhancing the Software Supply Chain
After reviewing the current state of affairs, the Biden-Harris administration concluded that federal agencies and government are using outdated, ambiguous, and ineffective security software.
As a result, the executive order called on NIST to provide quality assurance for software purchased and paid for by public entities.
Last year, NIST, acting on the administration's instructions, collected input from federal agencies, the private sector, National Science Foundation and Yale academia, and other stakeholders for the national cybersecurity strategy.
NIST published the new cybersecurity guidelines under the former acting director of the agency, James Olthoff. New director, Laurie E. Locascio, who took over the role in April after vacating her position at the University of Maryland, renewed the guidelines.
The CISA committee has made the guidelines stricter. In addition, the guidelines will enforce the use of a compartmentalized administrative environment, trust relationship audits, and multi-factor, risk-based authentication across all entities.
NIST to Become an Accreditation Agency
Under the executive order, and due to its expertise in the cybersecurity domain, NIST is becoming the linchpin of the Biden-Harris cybersecurity policy.
NIST has already collected information and taken stock of the software used by federal agencies back in 2021. Now, they are well-positioned to provide insights into the software used in the federal government and its entities.
From now on, all entities will need to follow three rules:
- Buy software exclusively from NIST-accredited vendors
- Procure cybersecurity information and accreditation for existing software
- Conduct regular checks and updates for re-accreditation
And, while some agencies voiced concerns that these new rules may further slow them down, it's seen as the only way to protect data from intrusions.
CISA Updates and Recommendations
On top of providing the new cybersecurity guidelines for the public and other federal agencies, CISA gave new recommendations for how it'll function from now on.
During its fourth Cybersecurity Advisory Committee, the members provided these updates to Lieutenant Colonel Jen Easterly. Lt. Col. Easterly has been serving as the director of the Agency since its founding in 2021.
Moreover, CISA's six subcommittees offered updates on their progress and their functions for the future. The subcommittees also disclosed their plans for protecting the federal institutions and the American public.
Privacy as an Afterthought
Although May's executive order mentions privacy five times, four were in relation to upholding current laws on protecting public privacy.
According to opinions, these laws are grossly incomplete and frequently subverted to suit the government's interests over those of the public.
Gloss