On May 12, 2021, President Biden issued an Executive Order outlining changes within the Executive Branch regarding cyberdefense standards. (You can read the entire text of the Executive Order HERE.)
Three Important Focal Points:
The Executive Branch of the Federal Government is moving toward unifying incident response. (Section 3.c of Executive Order.)
As past events have shown, such as the findings of the 9/11 Commission, agencies that have difficulty working together lose efficiency and things often “fall through the cracks”. By unifying incident response, the bureaucracy can more effectively streamline both hardware and process. We expect this holistic approach will be beneficial, just as, on a much smaller scale, we as an IT Managed Services Provider (MSP) prefer our customers to adhere to a basic minimum standard of hardware and policy.
IT Providers servicing the Executive Branch will have more stringent reporting requirements regarding cyber-incidents. (Section 2.c of Executive Order.)
This is important in relation to our previous point. As issues are identified, they will soon be required to be reported and shared. This, ideally at least, will improve the efficacy of the entire system as changes are integrated through the various agency networks and policies.
The Executive Branch of the Federal Government is, overall, incorporating more modern cybersecurity solutions and preparations. (Sections 3.a and 3.b of Executive Order.)
These solutions appear to be primarily basic standards that we would encourage our customers to employ. Still, even moving toward a basic standard is an improvement if this is not currently mandated.
What does this mean?
Many of these steps seem to have been a long time coming for our Federal government, agents, and contractors. Still, we applaud the efforts to increase cybersecurity and encourage private sector entities to follow suit, especially when it comes to maintaining security standards, developing incident response plans, and continually improving systems.
If you follow this blog, you’ll notice most of the aforementioned topics have previously appeared in our articles. Multifactor authentication. Investments in technical and human cybersecurity approaches. Zero trust policies. And for good reason! At the risk of sounding like a broken record, strengthening cybersecurity—as a standard policy—is an increasingly critical aspect of maintaining operations for modern companies and organizations.
For those required to comply with NIST 800-171/CMMC standards, we can also view these Executive Orders as a tacit acknowledgement that cyberattacks on private companies can have regional or national effects and the Federal Government is taking it more seriously than in the past. CMMC has been delayed, but we expect that the ball will begin rolling much faster on it. While that is not solely due to this document, the Order demonstrates the focus with which the government is attempting to move. Some companies that previously self-reported for NIST 800-171—and not always with due diligence—have found this to be an issue already. We urge affected companies to get IT affairs in order now to allow for necessary budgeting and time to complete any projects that will be needed. Request information regarding CMMC prep here.
If you’re not sure where to start, WE CAN HELP. Please fill out our contact form or just give us a call! This is a matter you don’t want to be careless about…it could become a large, long, and unwelcome interruption to your organization’s productivity!