Executive Order Sets New Standards for Cybersecurity

    May 22, 2017

    JDSupra recently summarized the May 11 executive order (EO) that requires all federal executive agencies to adhere to a single security framework, in an effort to improve the nation’s defenses against pervasive cyberattacks.

    The White House directive intensifies the need for organizations – especially those in critical infrastructure sectors – to adopt a formal cybersecurity standard like the one published by the National Institute of Standards and Technology (NIST). Corporate managers must make sure that cybersecurity is a “living and breathing strategy within the organization,” according to JDSupra’s slant on the EO.

    Going forward, clients may ask more pointed questions about security procedures a company follows, particularly if those clients have contracts with federal agencies.

    Called “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” the EO mandates that every federal agency immediately adopt “The Framework for Improving Critical Infrastructure Cybersecurity” (often called NIST CSF).

    NIST CSF has dozens of security rules that are organized in five categories: Identify, Protect, Detect, Respond, and Recover. The Obama administration had encouraged private companies to adopt NIST CSF. The EO now actually requires federal agencies to do so.

    Agency chiefs will be held personally responsible for risk management, and each must report to the Office of Management and Budget within 90 days on the agency’s plans to implement the EO.

    The EO says that “Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture.” 

    © 2017, ARMA International