This is the fifth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity”, issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the second, third, and fourth blogs described the actions taken by various federal government agencies to implement the EO during June, July, and August 2021, respectively. This blog summarizes key actions taken to implement the Cyber EO during September 2021.
I. Actions Taken During September 2021 to Modernize Federal Government Cybersecurity
The Office of Management and Budget (OMB) publically released a draft zero trust architecture strategy for federal agencies on September 9, 2021. On that same day, the Cybersecurity and Infrastructure Agency (CISA) issued two draft documents designed to further OMB’s zero trust strategy: the Zero Trust Maturity Model and the Cloud Security Technical Reference Architecture. Each of these documents was required by Section 3 of the Cyber EO to modernize and standardize federal government agency approaches to cybersecurity.