Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure … Is your report ready?

May 11, 2017

Section 1 c (ii) of the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, where the Executive Order mandates that the NIST Cybersecurity Framework is the guideline that all Executive Branch agencies should be following:

“Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.  Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  The risk management report shall:

(A)  document the risk mitigation and acceptance choices made by each agency head as of the date of this order, including:

(1)  the strategic, operational, and budgetary considerations that informed those choices; and

(2)  any accepted risk, including from unmitigated vulnerabilities; and

(B)  describe the agency’s action plan to implement the Framework.”

For more on the EO go to https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal

For more on NIST Compliance, go to https://gttb.com/blog/what-is-nist-compliance/