The changing of the guard in Washington DC has brought about the final wave of directives from the outgoing administration. January 16th saw the publishing of the Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity. While I am not going to dissect this EO line-by-line, I am going to outline a few high points, and delve deeper in later postings.
What does this mean?
For the cyber professionals and developers, we’re going to be getting busier in 2025.
For organizations as a whole, there is more clear-cut, defined guidance, especially for those tasked with maintaining and defending critical digital infrastructure.
This most recent EO is the next layer in the White House’s efforts to secure the nation. It adds to the marching orders that were given in Executive Order 14028: Improving the Nation’s Cybersecurity.
Specifics: What to expect?
Provided that the incoming administration does not reverse this (always a possibility when the controlling party assumes the mantle of leadership), we can expect to see increased levels of accountability, awareness, and transparency, as well as further focus on emerging technologies and innovations.
Updated Compliance
Expect to see increased compliance requirements with NIST SP 800-218: Secure Software Development Framework (SSDF) and NIST SP 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, with annual implementation updates provided to the Office of Management and Budget (OMB).
Escalation of 3rd Party Risk Management practices, particularly surrounding government service providers.
A revamping of the Federal Acquisition Regulation.
This is far from a comprehensive look at what is to come. Look to the coming months to see this EO enacted or redacted. From a professional standpoint, these are all things that should already be happening in our government and industries. For those that have listened to me talk previously on the state of cybersecurity, we cannot continue to utilize lean business practices when it comes to securing systems or data environments. Whether you’re a government or private sector organization, we all continue to be vulnerable targets because leaders don’t mind cutting corners or skipping a few steps to save a few bucks.
Remember, good practices aren’t cheap, and cheap practices aren’t good. Plain and simple, folks!

