May 22, 2021
Elizabeth Wharton: @lawyerliz on Twitter
Executive Order: (https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/)
“An executive order is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. Other presidential documents are sometimes similar to executive orders in their format, formality, and issue, but have different purposes. Proclamations, which are also signed and numbered consecutively, communicate information on holidays, commemorations, federal observances, and trade. Administrative orders—e.g. memos, notices, letters, messages—are not numbered, but are still signed, and are used to manage administrative matters of the federal government. All three types of presidential documents—executive orders, proclamations, and certain administrative orders—are published in the Federal Register, the daily journal of the federal government that is published to inform the public about federal regulations and actions. They are also catalogued by the National Archives as official documents produced by the federal government. Both executive orders and proclamations have the force of law, much like regulations issued by federal agencies, so they are codified under Title 3 of the Code of Federal Regulations, which is the formal collection of all of the rules and regulations issued by the executive branch and other federal agencies.
Executive orders are not legislation; they require no approval from Congress, and Congress cannot simply overturn them. Congress may pass legislation that might make it difficult, or even impossible, to carry out the order, such as removing funding. Only a sitting U.S. President may overturn an existing executive order by issuing another executive order to that effect.”
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Another Review:
https://www.atlanticcouncil.org/blogs/new-atlanticist/markup-our-experts-annotate-bidens-new-executive-order-on-cybersecurity/
https://www.insurancejournal.com/news/national/2021/05/21/615373.htm
Within 60 days of the date of this order, the head of each agency shall:
(i) update existing agency plans to prioritize resources for the adoption and use of cloud technology as outlined in relevant OMB guidance;
(ii) develop a plan to implement Zero Trust Architecture, which shall incorporate, as appropriate, the migration steps that the National Institute of Standards and Technology (NIST) within the Department of Commerce has outlined in standards and guidance, describe any such steps that have already been completed, identify activities that will have the most immediate security impact, and include a schedule to implement them; and
Within 180 days of the date of this order, agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.
Within 90 days of the date of this order, the Secretary of Homeland Security acting through the Director of CISA, in consultation with the Attorney General, the Director of the FBI, and the Administrator of General Services acting through the Director of FedRAMP, shall establish a framework to collaborate on cybersecurity and incident response activities related to FCEB cloud technology, in order to ensure effective information sharing among agencies and between agencies and CSPs.
SBOM! Dr. Allan Friedman on BrakeSec
http://brakeingsecurity.com/2020-032-dr-allan-friedman-sbom-software-transparency-and-how-the-sausage-is-made-part-2
providing a
purchaser a Software Bill of Materials (SBOM) for each product
directly or by publishing it on a public website;
(viii) participating in a vulnerability disclosure program that includes a reporting and disclosure process;
(ix) attesting to conformity with secure software
development practices
Within 270 days of the date of this order, the
Secretary of Commerce acting through the Director of NIST, in
coordination with the Chair of the Federal Trade Commission (FTC)
and representatives of other agencies as the Director of NIST deems
appropriate, shall identify IoT cybersecurity
criteria for a consumer labeling program, and shall consider
whether such a consumer labeling program may be operated in
conjunction with or modeled after any similar existing government
programs consistent with applicable law.
The criteria shall reflect
increasingly comprehensive levels of testing and assessment that a
product may have undergone, and shall use or be compatible with
existing labeling schemes that manufacturers use to inform
consumers about the security of their products. The Director
of NIST shall examine all relevant information, labeling, and
incentive programs and employ best practices. This review
shall focus on ease of use for consumers and a determination of
what measures can be taken to maximize manufacturer
participation.
Rebuttal to “The Hill article”: https://soatok.blog/2021/05/19/a-balanced-response-to-allen-gwinn/ thank you Brian Harden (@_noid)
Author’s ‘apology’: https://twitter.com/2wiredSecurity/status/1395531110436704258
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#AmazonMusic: https://brakesec.com/amazonmusic
#Spotify: https://brakesec.com/spotifyBDS
#Pandora: https://brakesec.com/pandora
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec