President Biden has signed a national security memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems, an expansion on last May’s EO 14028. The order spells out how the cybersecurity requirements for civilian agencies in that EO — such as zero-trust models, multi-factor authentication, cloud security, and encryption — should also be instituted across national security systems.
The memo gives the NSA authority as “National Manager” for national security systems to issue related binding operational directives, coordinating with the CIA, FBI, DoD, and the Director of National Intelligence. NSA is to work with the Department of Homeland Security’s CISA on systems interacting with civilian agencies, and share directives with a view toward adopting each other’s requirements. The memo also sets standards for encryption of classified systems, and the transition to quantum-resistant encryption. Implementation deadlines of 60–180 days for various requirements are specified.
Sources:
- White House: Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
- FedScoop: Biden Signs Memorandum to Improve Cybersecurity Across Dod, Intelligence Community
- Nextgov: NSA to Get Binding Operational Directive Authority Under New Cyber Policy
- Breaking Defense: Biden Signs Memo to Secure DoD, IC National Security Systems
- Federal News Network: Biden Says Defense, Intel Agencies Have to Follow Cyber EO Requirements, Too