Executive Order on Improving the Nation’s Cybersecurity
As cyber threats become more advanced and widespread, the United States must take bold action to protect its digital infrastructure. This executive order outlines a comprehensive strategy to enhance cybersecurity across federal systems, strengthen collaboration with the private sector, and safeguard critical institutions. The Federal Government aims to build a safer, more resilient cyberspace for the American people by adopting modern security practices, promoting information sharing, and improving incident response.
Section 1: Policy Statement
The United States faces a growing threat from increasingly sophisticated cyberattacks that endanger the public and private sectors and compromise the security and privacy of the American people. To counter these threats, the Federal Government must enhance its ability to identify, prevent, detect, and respond to malicious cyber activities. Learning from past cyber incidents is critical to strengthening future defense mechanisms. Cybersecurity also requires collaboration between the government and the private sector, which must adapt to changing threats and ensure that its systems and products are secure. Trust in digital infrastructure should be proportionate to its transparency and reliability, with the Federal Government leading by example.
Incremental improvements are insufficient. The Federal Government must make bold changes and significant investments to defend critical institutions. This includes securing information technology (IT) and operational technology (OT) systems, whether cloud-based, on-premises, or hybrid.
Section 2: Enhancing Information Sharing
The Federal Government contracts with IT and OT service providers that have unique insights into cyber threats. However, existing contractual limitations often restrict the sharing of critical information with agencies like CISA and the FBI. To strengthen cybersecurity response efforts, these barriers must be removed. Within 60 days, the Director of OMB will review and recommend updates to contract language to ensure that:
Service providers collect and preserve data relevant to cybersecurity event detection and investigation.
Providers share data and incident information with appropriate agencies.
Service providers collaborate with federal cybersecurity agencies during incident investigations.
Section 3: Modernizing Federal Cybersecurity
To keep pace with evolving cyber threats, the Federal Government will:
Adopt Zero Trust Architecture.
Transition to secure cloud services, including SaaS, IaaS, and PaaS.
Centralize cybersecurity data access to enhance threat detection and response.
Within 60 days, agency heads must update their cloud adoption plans and develop a roadmap for Zero Trust implementation.
Section 4: Enhancing Software Supply Chain Security
The security and integrity of software used by the Federal Government are critical for protecting national security and public safety. To address growing threats to the software supply chain, the Secretary of Commerce, through NIST, will engage with industry leaders, cybersecurity experts, and other stakeholders within 30 days to develop comprehensive security standards. These guidelines will focus on creating secure development environments, identifying vulnerabilities, and ensuring software supply chain transparency. A key component of these efforts is adopting a Software Bill of Materials (SBOM), which will provide visibility into software components and help identify potential risks.
Section 5: Establishing a Cyber Safety Review Board
To strengthen the nation’s cybersecurity posture, a Cyber Safety Review Board (Board) will be established to assess major cyber incidents and recommend improvements. The Board will comprise federal officials from agencies such as DHS, DOJ, and CISA, as well as private-sector cybersecurity experts. Within 90 days of its formation, the Board will review recent significant cyber incidents and submit actionable recommendations to enhance response practices. This collaborative effort will ensure that lessons learned from past incidents guide future cybersecurity strategies and improve national resilience against cyber threats.
Section 6: Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
Consistent and coordinated responses to cyber incidents are essential for protecting federal systems. To achieve this, a standardized incident response playbook will be developed within 120 days, incorporating best practices from NIST and other leading cybersecurity frameworks. The playbook will define key processes, timelines, and reporting structures to ensure consistency across federal agencies. Additionally, it will introduce a common lexicon for describing incidents, enabling seamless communication between agencies and ensuring that all stakeholders are aligned when responding to cyber threats and vulnerabilities.
Section 7: Improving Threat Detection Across Federal Networks
Endpoint Detection and Response (EDR) technology will be deployed across federal systems to strengthen the Federal Government's ability to detect and respond to cyber threats. EDR enhances real-time visibility, enabling proactive threat hunting and rapid incident response. Within 90 days, agencies must comply with EDR implementation guidelines and integrate these capabilities into their cybersecurity frameworks. This initiative will empower the Federal Government to identify malicious activity quickly, minimize the impact of cyber incidents, and improve overall security posture.
Section 8: Enhancing Log Management and Retention
Logs from federal systems play a critical role in identifying, investigating, and remediating cyber incidents. To improve log management, DHS, in consultation with relevant agencies, will provide detailed recommendations on log retention policies within 14 days. These recommendations will specify the types of logs to be maintained, appropriate retention periods, and methods for ensuring log integrity and security. Agencies must adopt these policies to ensure that critical data is preserved and readily accessible for cybersecurity analysis and threat mitigation.
Section 9: National Security Systems (NSS) Compliance
National Security Systems (NSS) require the highest levels of cybersecurity to protect sensitive government operations. Within 60 days, the Secretary of Defense, in collaboration with the Director of National Intelligence, will adopt cybersecurity standards for NSS that meet or exceed the requirements outlined in this order. These standards will address the unique security challenges of NSS environments and ensure that national security-related systems remain resilient against evolving cyber threats.
Section 10: Definitions
This section clarifies key terms used in the order:
Zero Trust Architecture (ZTA): A security model that assumes no implicit trust, requiring continuous verification and limiting access to minimize potential harm from threats.
Software Bill of Materials (SBOM): A detailed record of software components used in a product, enabling organizations to quickly identify vulnerabilities and respond to emerging threats.
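The SBOM use case described in Section 4 and defined above (matching an inventory of software components against known vulnerabilities) can be illustrated with a small checker. This is an added example, not code from the order or from NIST; the SBOM document, the advisory feed and the advisory identifiers are constructed placeholders, and the version comparison assumes plain dotted numeric versions.

```python
import json

# Constructed, minimal CycloneDX-style SBOM (not a real product inventory).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libfoo", "version": "1.2.3"},
    {"type": "library", "name": "parserlib", "version": "2.0.1"},
    {"type": "library", "name": "netutil", "version": "0.9.0"},
    {"type": "application", "name": "unversioned-tool"}
  ]
}"""

# Constructed advisory feed: package name -> (first affected, first fixed, advisory id).
# Identifiers are placeholders; a real feed would come from NVD, OSV or a vendor.
ADVISORIES = {
    "parserlib": [("2.0.0", "2.0.4", "ADV-EXAMPLE-0001")],
    "netutil": [("0.5.0", "0.9.0", "ADV-EXAMPLE-0002")],  # fixed in 0.9.0, so 0.9.0 is clean
}

def parse_version(v):
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically, not as strings.
    Assumes dotted integers only; real SemVer pre-release tags need a fuller parser."""
    return tuple(int(p) for p in v.split("."))

def affected_components(sbom_text, advisories):
    """Return (hits, incomplete): hits are (name, version, advisory_id) tuples for
    components inside an affected range; incomplete lists components that could not be
    assessed because the SBOM omits their version, a gap the reviewer must chase, not ignore."""
    sbom = json.loads(sbom_text)
    hits, incomplete = [], []
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            incomplete.append(name or "<unnamed component>")
            continue
        ver = parse_version(version)
        for introduced, fixed, adv_id in advisories.get(name, []):
            # Affected if introduced <= version < fixed (half-open range, as in OSV-style data).
            if parse_version(introduced) <= ver < parse_version(fixed):
                hits.append((name, version, adv_id))
    return hits, incomplete

if __name__ == "__main__":
    found, gaps = affected_components(SBOM_JSON, ADVISORIES)
    for name, version, adv in found:
        print(f"AFFECTED: {name} {version} ({adv})")
    for name in gaps:
        print(f"UNASSESSED: {name} has no version in the SBOM")
```

Running it flags parserlib 2.0.1 against ADV-EXAMPLE-0001, leaves netutil 0.9.0 clean because it sits at the fixed version, and reports unversioned-tool as unassessable rather than silently passing it.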
Section 11: Implementation and Compliance
This order will be implemented in accordance with applicable law and is subject to the availability of necessary funding. Agencies are expected to comply with all provisions to enhance cybersecurity resilience. However, nothing in this order interferes with ongoing criminal or national security investigations, ensuring that cybersecurity efforts are aligned with law enforcement and intelligence operations.