"Biden Executive Order Mandates Zero Trust and Strong Encryption"

President Biden has issued a long-awaited executive order (EO) designed to improve supply chain security, incident detection, response, and overall resilience to threats. The executive order comes amidst unprecedented attacks on the US government and critical infrastructure, in the form of the SolarWinds, Exchange Server, and Colonial Pipeline attacks, to name just a few. Among the key measures is a requirement for all federal government software suppliers to meet strict rules on cybersecurity. Eventually, the plan is to create an “energy star” label so both government and public buyers can quickly and easily see whether software was developed securely. Other measures included in the executive order are an “aircrash investigation-style” Cybersecurity Safety Review Board, which will make recommendations for improvements after any significant incident, and a standardized playbook for government incident response. The executive order will also mandate a move toward secure cloud services and zero trust, including multi-factor authentication and encryption of data at rest and in transit by default. Security experts have welcomed the executive order.

 

Infosecurity reports: "Biden Executive Order Mandates Zero Trust and Strong Encryption"
