5 Minute Reads: What The New Executive Order on Cybersecurity Means For You


Cybersecurity is a major government focus for 2025

The White House released a new Executive Order (EO) on cybersecurity this week. Despite the upcoming change in administrations, it is likely that the new administration will keep this EO, since most of the items it catalogues are already best practices within the industry. Firms working with the government should therefore expect the EO to remain in force and make appropriate preparations. So what does this EO mean for your firm?


Over the next 90-180 days, various parts of the federal government will be required to update their policies and requirements for cybersecurity compliance. The EO focuses on evidence-based compliance, including documented adherence to secure software development processes, vulnerability assessments, and penetration testing. It also emphasizes adoption of "Zero Trust Architecture", mandating robust access controls, continuous monitoring, and least privilege principles.


Actions you can take now:


While we wait for detailed guidance, here are some actions your firm can take to get ahead of the game.


Assess your supply chain. A big focus of this effort is to ensure the security of the supply chain, especially components that may be integrated into larger systems. If you have not done so already, assemble a list of the partners and suppliers your firm relies on, so that you can monitor your supply chain for vulnerabilities.


Create a Software Bill of Materials (SBOM) now, and keep it updated. This will likely be required for sales to the government going forward (https://www.cisa.gov/resources-tools/resources/sbom-faq).


Begin upgrading cryptographic systems to meet quantum-safe standards if you have not done so already. Information on NIST's post-quantum standards may be found on their website: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards


For FedRAMPed organizations, expect additional baselining work. The EO requires CISA and NIST to "incentivize or require cloud service providers in the FedRAMP Marketplace to produce baselines with specifications and recommendations for agency configuration of agency cloud-based systems in order to secure Federal data based on agency requirements."


Finally, be sure to keep an eye on key government agency newsletters, such as those from NIST and CISA, which will carry more information about detailed implementation in the coming months.
