Biden NSM requires national security systems to meet or exceed federal civilian cybersecurity standards

Today, President Biden signed a National Security Memorandum (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community systems as required by his Executive Order (EO ) 14028, Improving the nation’s cybersecurity. This NSM requires that, at a minimum, national security systems use the same network cybersecurity measures required for federal civilian networks in Executive Order 14028. The NSM builds on the work of the Biden administration to protect our nation from sophisticated malicious cyber activities, from both nation-state actors and cybercriminals.

Cybersecurity is a national security and economic security imperative for the Biden administration, and we are prioritizing and elevating cybersecurity like never before. To secure our critical infrastructure, the Biden administration launched a cutting-edge effort to improve cybersecurity in the electricity and pipeline sectors, leading more than 150 utilities serving 90 million Americans to pledge to deploy cybersecurity technologies, and we are working with other critical sectors on similar projects. action plans. The President released a National Security Memorandum establishing voluntary cybersecurity goals that clearly outline our expectations of critical infrastructure owners and operators, and we continue to work closely with the private sector on the importance of prioritizing cybersecurity as a core part of their efforts to maintain business. continuity. And internationally, the Biden administration has rallied G7 countries to hold nations harboring ransomware criminals accountable, updated NATO’s cyber policy for the first time in seven years, and brought together more than 30 allies and partners to accelerate our cooperation in the fight against cybercrime, improve law enforcement collaboration and stem the illicit use of cryptocurrency.

Modernize our cybersecurity defenses and protect all Federal networks are a priority for the Biden administration, and this national security memorandum raises the bar for the cybersecurity of our most sensitive systems. This NSM:

  • Specifies how the provisions of EO 14028 apply to national security systems. The May 2021 presidential decree required the government to “adopt national security system requirements equivalent to or greater than the cybersecurity requirements set forth in this decree.” In accordance with this mandate, this NSM establishes timelines and guidance on how these cybersecurity requirements will be implemented, including multi-factor authentication, encryption, cloud technologies and endpoint detection services.
  • Improves visibility of cybersecurity incidents occurring on these systems. It requires agencies to identify their national security systems and report cyber incidents that occur on them to the National Security Agency, which under previous policy is the “national steward” of classified US government systems. This will improve the government’s ability to identify, understand and mitigate cyber risks across all national security systems.
  • Requires agencies to act to protect or mitigate a cyber threat to national security systems. The NSM authorizes the National Security Agency, through its role as national manager of national security systems, to create binding operational guidelines requiring agencies to take specific action against known or suspected security threats and vulnerabilities. cybersecurity. This directive is modeled after the Department of Homeland Security Binding Operational Directive for Civilian Government Networks. The NSM directs the NSA and DHS to share guidance and learn from each other to determine whether any of the requirements of one agency’s guidance should be adopted by the other.
  • Requires agencies to secure cross-domain solutions – tools that transfer data between classified and unclassified systems. Adversaries may seek to leverage these tools to gain access to our classified networks, and the NSM is leading decisive action to mitigate this threat. The NSM is asking agencies to inventory their cross-domain solutions and directing the NSA to establish security standards and testing requirements to better protect these critical systems.

Read the full memorandum

Learn more at the White House