Everything to Know About the White House’s Cybersecurity Executive Orders
From a major gas pipeline to a top meat producer and even dozens of government agencies, organizations of every kind fell victim to cyberattacks over the past year. Ransomware attacks in particular, which have grown a staggering 138% since 2020, have proven more disruptive, more costly and more successful than ever before, forcing organizations to double down on security this summer.
This rise in high-profile cyberattacks has also caught the eye of the nation's highest office. Over the summer, President Biden signed two sweeping directives calling for more stringent cybersecurity protocols and oversight: an executive order aimed at improving national cybersecurity standards, and a national security memorandum aimed at protecting critical American infrastructure. The wide-ranging measures introduce new security standards that federal agencies, and the private sector organizations that work with them, will need to comply with.
For organizations that supply cloud services to those agencies, meeting the new standards runs through the Federal Risk and Authorization Management Program (FedRAMP). Achieving a FedRAMP authorization is already a demanding process, and one that could become more complex as the executive order's FedRAMP modernization takes effect. To stand up and operate FedRAMP-compliant environments, organizations should look to an experienced DevSecOps technology partner, like Contegix, to help them streamline compliance and stay afloat amid a sea of regulatory changes.
Unpacking the Cybersecurity Executive Orders
The first of the two directives, Executive Order 14028, was signed in May. It sets deadlines for agencies to develop their own cybersecurity standards and guidelines, and it issues specific mandates that agencies must meet in the months to come, such as adopting multifactor authentication and encrypting data at rest and in transit.
While much of Order 14028 focuses on defending the federal government's own networks from cybersecurity threats, it also states: "The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace."
For private sector companies that supply IT systems or technology to the federal government, or that work directly with its agencies, several of the new provisions will have a significant impact. First, the order directs agencies to remove contractual barriers to sharing threat and incident information between IT service providers and the government, so that existing contract terms no longer prevent providers from reporting. Second, it directs the modernization of FedRAMP, the Federal Risk and Authorization Management Program, which prescribes the security standards that cloud service offerings used by agencies must meet. Finally, the order introduces new security standards for software developed for or sold to the government (including NIST guidance on secure software development practices that vendors will be expected to attest to), creates a standard set of operational procedures for contractors, and establishes the Cyber Safety Review Board.
At the end of July, Biden signed a National Security Memorandum (NSM) that introduced further recommendations for private sector organizations, in particular those operating essential services such as power, water and transportation, to improve their security practices. However, most of these measures, which include security controls like data encryption and multifactor authentication for control systems, are voluntary for now, while the administration develops "cybersecurity performance goals" against which each company's readiness to fend off cyberattacks can be assessed.
The Need for FedRAMP Compliance, and a FedRAMP-authorized DevOps Technology Partner
Understanding the newest and most distinct requirements of the recent cybersecurity directives can be a complicated and time-consuming undertaking for developers and operations teams. And although most of the changes are not yet being enforced, it is critical that organizations act now: deadlines for specific directives are only months, or even weeks, away.
Achieving a FedRAMP authorization will be the essential way for cloud service providers to demonstrate that they meet the required standards. However, FedRAMP has earned a reputation as a notoriously difficult authorization to obtain, as its baselines draw on 14 laws and regulations and 19 standards and guidance documents, and likely more to come as a result of the executive order's modernization of the program.
But by partnering with an experienced, FedRAMP-authorized DevOps technology partner like Contegix, organizations that work with the government can streamline the path to FedRAMP compliance. Contegix's team of FedRAMP experts performs the heavy lifting of building compliant cloud environments, while also providing ongoing management and support, so IT teams can stay focused on more strategic priorities with confidence that regulatory compliance is handled, even as requirements continue to evolve.
To achieve and maintain FedRAMP compliance and adherence to the latest cybersecurity directives from the White House, organizations should look to a FedRAMP-authorized partner that gives developers and operations teams everything they need to run highly available, compliant and cost-effective environments. From managed integration and security assessments to isolated private application infrastructure and customizable, cost-effective solutions, Contegix can help remove the burden and cost of compliance.
For more information about partnering with Contegix on security and regulatory compliance, see the Contegix website.