top of page

Welcome to Crime and Justice News

Crime and Justice News

Federal Officials Issue Long-Awaited Cybersecurity Guidance

A White House office is publishing guidelines on how federal agencies and government contractors will comply with President Biden’s order last year that federal systems and vendors meet common cybersecurity standards. The memo is perhaps the most-awaited cybersecurity guidance from the Office of Management and Budget since Chief Information Security Officer Chris DeRusha joined the Biden administration at the beginning of 2021, reports the Washington Post. It has the potential to affect the security of government systems and the federal ability to provide services, as well as the process for billions of dollars worth of federal contracts. This puts pressure on any company that might want do business with the federal government to meet the government standards, as a senior administration official said before rolling out Biden’s executive order that spawned today’s memo. “We’re all using Outlook email. We’re all using Cisco and Juniper routers,” the official said. “So, essentially, by setting those secure software standards, we’re benefiting everybody broadly.”


Besides the memo, OMB is publishing a blog post from DeRusha. The post mentions how using software that complies with secure software development standards will help the federal government to "quickly identify security gaps when new vulnerabilities are discovered." Biden’s May 2021 cybersecurity executive order listed many mandates, ranging from requiring agencies to employ security tools like encryption to establishing a Cyber Safety Review Board to analyze major cyberattacks. The memo followed a series of high-profile hacks, one of which, the breach of software company SolarWinds, let spies worm their way into at least nine federal agencies. One of the directives was for the National Institute of Standards and Technology to create a foundation for developing secure software. NIST’s final framework includes top-level steps like: "Producing well-secured software with minimal security vulnerabilities in its releases and identifying residual vulnerabilities in software releases and responding appropriately to address those vulnerabilities and prevent similar vulnerabilities from occurring in the future.” OMB ordered agencies to begin adopting that framework in March with the goal of ensuring a consistent approach among all agencies and treatment of vendors.

10 views

Recent Posts

See All

Commentaires


A daily report co-sponsored by Arizona State University, Criminal Justice Journalists, and the National Criminal Justice Association

bottom of page