Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

President Biden’s Cybersecurity Executive Order: What will it mean for you?

Home
Industry Insights
President Biden’s Cybersecurity Executive Order: What will it mean for you?

Blog Article Published: 06/01/2021

This blog was originally published by OneTrust here.

On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more recently the Colonial Pipeline hack. The Executive Order outlines the need to modernize cybersecurity defenses in the country as well as opening channels for sharing information relating to cybersecurity threats and breach information. This will undoubtedly bring about concerns for many organizations whose contractual obligations often make these incidents difficult to report, but it also highlights the importance of organizations ensuring that their supply chain is secure and that their vendors meet the necessary cybersecurity requirements.

Watch this webinar: US Cybersecurity Executive Order: How It Will Impact Your Vendor Risk Strategy

The Executive Order looks to lead from the front stating; “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life […] The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.” And while the Government looks to set a precedent, there are several implications that will affect the way in which private-sector organizations approach their security processes including providing proof of the integrity of open-source code and the security of legacy software, particularly if you are selling software to the federal government.

“In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”

President Joe Biden, Executive Order on Improving the Nation’s Cybersecurity

The White House also published a factsheet which highlights the seven key points that the Executive Order looked to address:

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
  • Improve Software Supply Chain Security
  • Establish a Cybersecurity Safety Review Board
  • Create a Standard Playbook for Responding to Cyber Incidents
  • Improve Detection of Cybersecurity Incidents on Federal Government Networks
  • Improve Investigative and Remediation Capabilities

What does the Executive Order mean for organizations?

The heightened emphasis on the transparency of cybersecurity outlined in the Executive Order and the consequences for not meeting requirements will lead to a surge in organizations reviewing their third-party contracts. Improving the security of the software supply chain is a key component of the Executive Order and organizations must now look to verify they are working with secure vendors. This will also likely lead to increased scrutiny of vendor risk assessments, potential security gaps in the supply chain, and the remediation policies that are currently in place.

Further to the increased security of the supply chain, it will fall to organizations to ensure their vendors have the proper contract terms in place to allow for the transparent sharing of threat and breach information. In addition, vendor assessments will need to address whether FedRamp guidelines are being met, including assessment, authorization, continuous monitoring, and compliance.  

Given The White House’s pledge to ensure government systems “meet or exceed the standards and requirements for cybersecurity” outlines in the Executive Order, organizations that are looking to sell software to government agencies should expect more stringent evaluations of their own security to make sure the appropriate requirements are being met. The top-down approach to cybersecurity standards will set the benchmark for organizations, therefore, it is critical that you and your vendors’ security programs meet the necessary requirements in order to sell software to government agencies.  

Vendor risk management is likely to come under the microscope for many organizations following the release of President Biden’s Executive Order on Cybersecurity and lead to the security of the software supply chain being scrutinized. The result is that many organizations will need to re-visit their existing vendor contracts as well as their own security processes in order to meet new standards and protect eligibility for government agency contracts.

Watch this webinar: US Cybersecurity Executive Order: How It Will Impact Your Vendor Risk Strategy

Further reading on President Biden’s Executive Order on Cybersecurity:

The White House Fact Sheet: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
Cloud Incident ResponseEnhancing cloud security strategyLegalVulnerabilities

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Do You Know These 7 Terms About Cyber Threats and Vulnerabilities?

Published: 04/19/2024

10 Tips to Guide Your Cloud Email Security Strategy

Published: 04/17/2024

The Widening Overlap Between Cloud Workloads and Cybersecurity

Published: 04/17/2024

How to Audit Your Outdated Security Processes

Published: 04/16/2024