White House Memo Orders Agencies to Identify Critical Software

The memo follows up on President Joe Biden’s executive order in May.

Federal agencies have 60 days to identify critical software in their systems and one year to secure it, according to a memo issued Aug. 10 by the Office of Management and Budget.

The memo, authored by OMB Acting Director Shalanda Young, stems from President Joe Biden’s May 12 executive order on improving the nation’s cybersecurity, which laid groundwork for several directives. One of those directives instructed the National Institute of Standards and Technology to define “critical software” for agencies, and the memo builds on the definition NIST released in June. The definition applies to “software of all forms,” according to the memo, including “standalone software, software integral to specific devices or hardware components” and cloud-based software that is purchased for or deployed for operational purposes. NIST defines critical software as software that runs on or depends on software that:

  • is designed to run with elevated privilege or manage privileges;
  • has direct or privileged access to networking or computing resources;
  • is designed to control access to data or operational technology;
  • performs a function critical to trust; and
  • operates outside of normal trust boundaries with privileged access.

“The United States faces increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and, ultimately, the American people’s security and privacy,” the memo reads. “The Federal Government must improve its efforts to detect, identify, deter, protect against, and respond to these campaigns and their perpetrators.”

In this initial phase of critical software guidance, agencies are directed to focus first on identity, credential and access management, operating systems, web browsers, endpoint security, network control, network protection, network monitoring and configuration, operational monitoring and analysis, remote scanning, remote access and backup or remote storage.

The memo also provides a schedule agencies must follow in implementing critical software guidance. Within 60 days from the memo’s issuance, agencies must “identify all agency critical software, in use or in the process of acquisition.” Agencies further have one year to implement security measures designated by NIST for all categories of the initial critical software guidance, and one year to incorporate subsequent security measures for each guidance update from NIST.

Source: https://www.nextgov.com/cybersecurity/2021/08/white-house-memo-orders-agencies-identify-critical-software/184495/
