Biden Administration Orders Sweeping Directives to Federal Agencies and Contractors to Improve U.S. Cybersecurity

Client Alert | 1 min read | 05.13.21

The Biden Administration issued a detailed Executive Order (EO) on Improving the Nation’s Cybersecurity yesterday aimed at strengthening the Federal Government’s cybersecurity defense posture. The EO calls for the creation of new cybersecurity standards, as well as updates to FAR- and DFARS-based contract requirements, affecting both information and operational technology. Much of the EO addresses implementation throughout the Federal Civilian Executive Branch (FCEB) Agencies and the Department of Defense (DoD). The EO encompasses a broad array of cybersecurity initiatives for fast track implementation in partnership with the private sector, notably including:

Requiring mandatory breach reporting to the Federal Government, applicable to both contractors and cloud service providers (CSPs) accessing Federal information systems;
Implementing mandatory multifactor authentication, encryption and logging requirements for Federal information systems, applicable to contractors operating networks on behalf of the Federal Government;
Creating a software supply chain security standard, including a consumer software labeling program, focused on secure software development practices that will impact Federal software acquisitions;
Modernizing security practices including Zero Trust Architecture and accelerated movement to secure cloud services through FedRAMP;
Establishing a Cyber Safety Review Board, modeled after the National Transportation Safety Board (NTSB), which will provide the Federal Government greater authorities to investigate significant cyber incidents occurring on contractor and CSP networks; and
Standardizing a Federal Government Playbook for incident response activities, which will create a new standard of care for private industry and government contractors.

The EO directs the Federal Government to prioritize these initiatives over the next year, with some actions to be implemented as soon as within the next 30 days. Contractors should anticipate a myriad of proposed regulatory changes over the next 60 – 90 days as agencies begin implementing these wide-ranging cyber initiatives.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 1 min read | 01.21.25

Contractor Business Systems: Out With the Old, In With the New (Terminology)

On January 17, 2025, the Department of Defense (DoD) issued a final rule replacing the term “significant deficiency” in the Defense Federal Acquisition Regulation Supplement (DFARS) with the term “material weakness” for use in reviews of contractor business systems. Effective immediately, a material weakness is defined as “a deficiency or combination of deficiencies in the internal control over information in contractor business systems, such that there is a reasonable possibility that a material misstatement of such information will not be prevented, or detected and corrected, on a timely basis. A reasonable possibility exists when the likelihood of an event occurring is probable or more than remote but less than likely.” ...

Client Alert | 4 min read | 01.21.25
Democratic State Attorneys General Move To Protect Key Priorities Just Days Before the Inauguration of President Trump
Client Alert | 6 min read | 01.21.25
DOJ and FTC Issue New Antitrust Guidelines Regarding Business Practices That Impact Workers
Client Alert | 5 min read | 01.21.25
FAR Council Proposes Substantial Changes to OCI Regulations

View All Insights