Cyber Security: Executive Orders and Policies

From: Office of Management and Budget

Purpose

This memorandum provides guidance on the enhancement ofthe High Value Asset (HV A) program operated by the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (0MB). It outlines expectations for the following areas:

• Establishing Enterprise HVA Governance;
• Improving the Designation ofHVAs;
• Implementing Data-Driven HV A Prioritization;
• Increasing the Trustworthiness1 ofHVAs; • Protecting Privacy and HVAs; and
• Defining HVA Reporting, Assessment, and Remediation Requirements.

From: Office of Management and Budget

Purpose

This memorandum provides agencies with fiscal year (FY) 2019 reporting guidance and deadlines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). This memorandum also consolidates several govemment-wide reporting requirements into a single document to eliminate duplicative or burdensome processes in accordance with the requirements in Office of Management and Budget (OMB) Memorandum M-17-26, Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda. Accordingly, OMB rescinds the following memoranda:

• M-l 8-02, Fiscal Year 201 7-2018 Guidance on Federal Information Security and Privacy Management Requirements

From: The White House

Issued on: October 25, 2018

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

SUBJECT:        Developing a Sustainable Spectrum Strategy for America’s Future

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1.  Policy.  It is the policy of the United States to use radiofrequency spectrum (spectrum) as efficiently and effectively as possible to help meet our economic, national security, science, safety, and other Federal mission goals now and in the future.  To best achieve this policy, the Nation requires a balanced, forward-looking, flexible, and sustainable approach to spectrum management.

Editor’s Note: The National Cyber Strategy (September 2018) is available here (pdf 1.4 MB) Below is a brief excerpt.

The Way Forward

New threats and a new era of strategic competition
demand a new cyber strategy that responds
to new realities, reduces vulnerabilities, deters
adversaries, and safeguards opportunities for
the American people to thrive. Securing cyberspace
is fundamental to our strategy and requires
technical advancements and administrative
efficiency across the Federal Government and
the private sector. The Administration also
recognizes that a purely technocratic approach
to cyberspace is insufficient to address the
nature of the new problems we confront. The
United States must also have policy choices
to impose costs if it hopes to deter malicious
cyber actors and prevent further escalation.

From: Cloud.CIO.gov

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

From: OMB Memorandum M-17-25

Overview and Purpose

On May 11, 2017, the President signed the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which outlines a number of actions to enhance cybersecurity across Federal agencies and critical infrastructure partners. Section 1 of the Executive Order reinforces the Federal Information Security Modernization Act of 2014 (FISMA) by holding agency heads accountable for managing the cybersecurity risks to their enterprises. This Memorandum provides implementing guidance on actions required in Section 1 of the Executive Order.

From: OMB Memorandum M-18-12

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

FROM: Mick Mulvaney, Director

SUBJECT: Implementation of the Modernizing Government Technology Act

The Modernizing Government Technology (MGT) Act is a key component of this Administration’s continued efforts to improve Federal technology by providing financial resources and technical expertise to agencies. The MGT Act will allow agencies to invest in modem technology solutions to improve service delivery to the public, secure sensitive systems and data, and save taxpayer dollars. This memorandum sets forth Administration objectives and necessary actions agencies should take in order to implement the MGT Act.

From: Lexology

Richard P. Lawson | Manatt Phelps & Phillips LLP

Editor’s Note: The explanatory White House Blog post about the VEP is available here.

From: The White House

1. Purpose

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.