Key elements of the Biden cybersecurity executive order

The order addresses seven core elements and requires agencies to review and develop new guidelines and standards for cybersecurity. Of particular interest and impact to many organizations is the order’s focus on enhancing software supply chain security and improving threat information sharing. Organizations are being asked to define “critical” software in their products and provide a Software Bill of Materials (SBOM), similar to FDA requirements for medical devices such as pacemakers. SBOM guidelines are expected to require that organizations list all the components used in the software, including libraries, drivers, firmware, licenses, and operating systems.

The order also requires that organizations secure their software development processes and access controls. The SBOM supports another major focus of the order: greater transparency on cybersecurity threats and breaches throughout the federal supply chain. The order encourages active participation in vulnerability disclosure programs to establish trust. By removing contractual barriers to sharing threat intelligence and breach information, the order aims to encourage information sharing and reduce the cultural hesitancy to disclose breaches.

Does the Biden cybersecurity executive order affect my company?

Although the order is directed at federal agencies and contractors, it also affects companies in the federal supply chain. Many organizations may not realize they are bound by the order by virtue of the components that they make or supply - especially software components that end up on government systems. If you run a software development company, it is likely part of the federal government software supply chain even if you don’t know it. By extension, any vendors whose products are used by those developers - hardware providers, for example - are part of the chain.

Besides direct federal contractors, the order also applies to broad commercial subsectors. Companies that supply to defense contractors (or whose software or hardware ends up in a contractor’s products or services) are in the supply chain and in a position to introduce risk.

Additionally, the National Institute of Standards and Technology (NIST) is expected to publish supply chain security standards that will likely become a security industry standard. Software and hardware suppliers to state and local government and the private sector should expect these changes to become compliance requirements in the future.

How can my company benefit from the Biden cybersecurity executive order?

Organizations should look at the cybersecurity executive order as more than a check-the-box mandate.