OMB official reviews progress six months after cyber EO – FCW
OMB official reviews progress six months after cyber EO
A federal official tasked with overseeing the execution of the executive decree on cybersecurity signed by the president six months ago said the agencies had “come a long way” to meet its aggressive deadlines and ambitious targets.
Steven McAndrews, director of federal civil cybersecurity for the Office of Management and Budget (OMB), said his office was working closely with agencies and industry partners after setting a vision through a series of guidelines to help stakeholders improve their cyber posture.
“Today is the mark of 180 days of cyber EO. We’ve come a long way in those six months,” McAndrews said Monday at ACT-IAC’s Imagine Nation ELC 2021 conference. “We have started to establish the policies that will bring us to the end state that we are looking for.”
The executive order required all federal agencies to adopt multi-factor authentication and encryption for data at rest and in transit by Monday, 180 days after President Joe Biden announced the general guidelines.
OMB and its partners have meanwhile released a steady stream of advice, including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST), telling agencies how to meet the requirements outlined in the decree. . These guidance documents include a federal zero trust strategy The OMB released earlier this year outlining key security outcomes for agencies to establish basic cybersecurity requirements.
CISA also launched multiple efforts to engage key stakeholders and ensure that agencies were on track to meet deadlines, including a common site with OMB covering zero trust implementation.
McAndrews said the OMB plans to release new policies and guidelines soon that better address critical cybersecurity needs, while working to produce “logical timelines, roadmaps and actions” designed to create consistency within the federal government.
“The memos and policies we have issued relate directly to each of the sections set out in the OE,” he said. “There is a large amount of deliverables throughout the [EO] and we took it piece by piece, one section at a time to make sure we’re dealing with them and giving them our full attention and… putting in place policies to be successful in every agency. “
Even as McAndrews spoke, federal cyber officials were responding to yet another major cyberattack, this one with links to China, in which a threatening actor “managed to compromise at least nine global entities in tech sectors, defense, health, energy and education ”. according to a report from the security company Palo Alto Networks.
Chris Riotta is a writer at FCW and covers government procurement policy and technology. Chris joined FCW after covering American politics for three years at The Independent. He received his Masters degree from Columbia University Graduate School of Journalism, where he served as Class 2021 President.