bofotolux | Shutterstock

President Biden has signed a national security memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems, an expansion on last May’s EO 14028. The order spells out how the cybersecurity requirements for civilian agencies in that EO — such as zero-trust models, multi-factor authentication, cloud security, and encryption — should also be instituted across national security systems.

The memo gives the NSA authority as “National Manager” for national security systems to issue related binding operational directives, coordinating with the CIA, FBI, DoD, and the Director of National Intelligence. NSA is to work with the Department of Homeland Security’s CISA on systems interacting with civilian agencies, and share directives with a view toward adopting each other’s requirements. The memo also sets standards for encryption of classified systems, and the transition to quantum-resistant encryption. Implementation deadlines of 60–180 days for various requirements are specified.

Sources: