President Joe Biden has signed a memorandum that outlines requirements to improve the cybersecurity of Department of Defense, Intelligence Community and national security systems in accordance with the cybersecurity executive order issued in May 2021.
The National Security Memorandum provides timelines and guidance on how the federal government will implement the cyber requirements in the EO, including multifactor authentication, cloud technologies, endpoint detection services and encryption, the White House said Wednesday.
Agencies operating a national security system or NSS should update existing plans to prioritize resources for the adoption of cloud technology and come up with a plan to implement zero trust architecture within 60 days of the memo’s issuance.
The memo directs agencies to implement multifactor authentication and encryption for data in transit and at rest within 180 days and requires the National Security Agency to review the CNSS Policy 15 and inform the Committee on National Security Systems on updates to the approved list of commercial national security algorithms within 30 days.
The document requires agencies to identify their NSS and report cyber incidents to the NSA to improve visibility into vulnerabilities occurring on such systems and authorizes the NSA to develop binding operational directives to direct agencies to address suspected or known cyberthreats.
Agencies will be required to have an inventory of cross domain solutions or tools used to transfer data between unclassified and classified platforms. The memo also directs the NSA to develop testing requirements and security standards to ensure the security of CDS tools.
