Jan 20, 2022

Biden gives defense, intel agencies 180 days to apply MFA, encryption

Industry criticized Biden’s May cyber executive order, which emphasized the need for public-private partnerships, for lacking consequences or incentives for applying security standards. The recent requirements are the latest attempt by the Biden administration to bolster U.S. cyber standards. 
NSS operators handle classified and declassified information, which requires specialized information sharing and intelligence protection guidelines. The NSA and DHS are tasked with establishing those guidelines within 60 days.
In July, the Biden administration directed the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST) and Office of Management and Budget to establish performance goals for critical infrastructure. Wednesday’s order aims to have NSS operators use the same network cybersecurity measures required of federal civilian networks, as outlined in the May executive order. 
The memorandum allows the NSA to issue binding operational directives to NSS operators, akin to CISA’s authority for civilian government networks. The memo directs the NSA and DHS to share directives and “learn from each other” to determine if directives should be applied across agencies, a White House fact sheet said.
NSS operators are expected to report to the NSA or their Federal Cyber Center any threat or compromise detected on a network that facilitates a cross domain solution (CDS) “when one side of the CDS connects to NSS operated by or on behalf of the agency.” The NSA, director of national intelligence, and CIA are expected to create reporting procedures within 90 days of the memorandum.
The directive gives an indication of what the administration views as priority cybersecurity requirements. For example, the memo gives agencies 60 days to update “existing agency plans to prioritize resources for the adoption and use of cloud technology, including adoption of zero trust architecture as practicable.”
NSS operators must also have a plan for zero trust implementation, adhering to NIST guidance and Committee on National Security Systems (CNSS) instructions. The NSA and CNSS have 90 days to create the policies agencies are expected to adhere to. 