A draft of an executive order would direct software companies to inform federal agency clients in the event of a cyber attack within their organizations, keep more digital records and work with the Cybersecurity and Infrastructure Security Agency and the FBI on incident response efforts, Reuters reported Friday.
The order would require multifactor authentication and data encryption within agencies and a “software bill of materials” for critical programs, according to the draft seen by Reuters.
The proposed White House document would establish a cybersecurity incident response board that would spur software companies and victims to share data. The proposed changes will be implemented through modifications to federal acquisition rules.
A spokeswoman for the National Security Council said the White House has not made any decision on the final content of the order, which could be issued as soon as next week.