President Biden signed a National Security Memorandum (NSM) to improve the cybersecurity of National Security, Department of Defense (DoD) and Intelligence Community Systems.
The Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems, or NSM-8, requires that, at minimum, National Security Systems employ the same network cybersecurity measures that are required of federal civilian networks, as outlined in the Improving the Nation’s Cybersecurity Executive Order (EO 14028).
The memorandum is another step in validating the need to map the network requirements for civilian federal agencies under EO 14028 across applicable national security systems, in an effort to standardize cybersecurity requirements for military agencies and the intelligence community with those of civilian agencies.
The memorandum also gives the National Security Agency authority to issue binding operational directives on cyber issues, which will mirror the civilian agency directives issued by the Department of Homeland Security.
Specifies how the provisions of EO 14028 apply to National Security Systems.
The President’s May 2021 Executive Order required that the government “shall adopt National Security Systems requirements that are equivalent to or exceed the cybersecurity requirements set forth in this order.” Consistent with that mandate, this NSM establishes timelines and guidance for how these cybersecurity requirements will be implemented, including multifactor authentication, encryption, cloud technologies, and endpoint detection services.
Improves the visibility of cybersecurity incidents that occur on these systems.
It requires agencies to identify their national security systems and report cyber incidents that occur on them to the National Security Agency, which by prior policy is the “National Manager” for the U.S. government’s classified systems. This will improve the government’s ability to identify, understand, and mitigate cyber risk across all National Security Systems.
Requires agencies to act to protect or mitigate a cyber threat to National Security Systems.
The NSM authorizes the National Security Agency, through its role as National Manager for National Security Systems, to create Binding Operational Directives requiring agencies to take specific actions against known or suspected cybersecurity threats and vulnerabilities. This directive is modeled on the Department of Homeland Security’s Binding Operational Directive authority for civilian government networks. The NSM directs NSA and DHS to share directives and to learn from each other to determine if any of the requirements from one agency’s directive should be adopted by the other.
Requires agencies to secure cross-domain solutions – tools that transfer data between classified and unclassified systems.
Adversaries can seek to leverage these tools to get access to our classified networks, and the NSM directs decisive action to mitigate this threat. The NSM requires agencies to inventory their cross-domain solutions and directs NSA to establish security standards and testing requirements to better protect these critical systems.
“I applaud President Biden for signing this order to improve our nation’s cybersecurity,” said Senate Intelligence Committee Chair Mark Warner. “Among other priorities, this National Security Memorandum requires federal agencies to report efforts to breach their systems by cyber criminals and state-sponsored hackers.”
The Memorandum is another step in the Biden Administration’s focus on modernizing the nation’s cyber defenses and prioritizing the protection of federal networks.
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.