What were your biggest takeaways from the Executive Order on Improving the Nation’s Cybersecurity? (https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/)

Anonymous Author
I don't understand the executive order that Biden put out. I tried to read through it to find out if I can sell my product without being Federal Risk and Authorization Management Program (FedRAMP) certified. Is that part of the executive order? Is it like an emergency authorization for Pfizer and those drugs?
2 upvotes
Anonymous Author
Executive orders like this are there for guidance, generally. This one gives organizations that may not be focused on cybersecurity the incentive to get started. But companies that have already been in this space—especially in the tech sector—have a lot more to do. Our industry needs to have a real and candid conversation with providers. I can't balance multiple solutions in my fabric that are not handshaking together or increasing my transparency. We have to see transparency at both the data and application layers. This executive order will put pressure on open architecture between vendors so that they start to play together better. We're really going to need that.
1 upvote
Anonymous Author
When they issue executive orders, are they in a silo away from world trade? Because GM was making ventilators and PPE, and their huge facilities in Canada were also making that same PPE and shipping some of it across the border. The code that was used to program the machines to turn car parks into ventilator making was a government contract. It was an executive order under the war measures act. If there’s a company that does business with the US federal government, would they be subjected to these rules and regulations because the procurement from the federal government touches them? I'm trying to figure out how these pieces fit together because it would probably impact 80% of tech companies, manufacturing companies and the electronics industry, including companies like Intel and IBM.
1 upvote
Anonymous Author
It is a good start, but way too high-level. It is also too reactive to the SolarWinds breach, in the same way that SoX was reactive to the Enron scandal. https://cybersec.cyolo.io/s/7-things-to-know-about-biden-s-cybersecurity-executive-order-1008
2 upvotes