No Result
View All Result
SUBMIT YOUR ARTICLES
  • Login
Friday, October 10, 2025
TheAdviserMagazine.com
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
No Result
View All Result
TheAdviserMagazine.com
No Result
View All Result
Home Market Research Market Analysis

What To Know About Trump’s New Cybersecurity Executive Order

by TheAdviserMagazine
4 months ago
in Market Analysis
Reading Time: 5 mins read
A A
What To Know About Trump’s New Cybersecurity Executive Order
Share on FacebookShare on TwitterShare on LInkedIn


On Friday June 6th, President Trump issued an executive order on national cybersecurity. The order amended and struck several provisions in Executive Orders 13694 and 14144, which were respectively issued by President Obama in 2015 and by President Biden in early 2025. The biggest changes were in the areas of software security, post-quantum cryptography, digital identity, fraud management, and AI. In some cases, Trump’s EO dropped technology specifics for certain guidelines.  

Back in January, Forrester detailed the key topics and technology areas in EO 14144. The Trump administration’s new EO does not revoke EO 14144 entirely but there are changes to several provisions. Here’s what security leaders need to know. 

Software Supply Chain Guidance Moves Away From Machine Attestation 

The latest EO strikes sections 2(a) and 2(b) listed in EO 14144 whose purpose was to   operationalize transparency and security in third-party software applications. These sections recommend federal acquisition contractual language to require software providers provide “(A) machine-readable secure software development attestations; (B) high-level artifacts to validate those attestations; and (C) a list of the providers’ Federal Civilian Executive Branch (FCEB) agency.” The sections also mandated a process for CISA to validate the attestations and artifacts and recommend companies with failed attestations to the DOJ.  However, it’s worth noting that: 

The new EO does not remove all software supply chain requirements. The new EO does not specifically repeal EO 14028, or OMB M-23-16 Update to M-22-18 “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices.”  Therefore, federal agencies are presumably still on the hook to obtain a self-attestation from software suppliers and, at their discretion, require evidence in the form of an SBOM artifact.  Clarification on this point from CISA, GSA, or OMB is anticipated and necessary.  

Secure software development framework (SSDF) updates are coming. The new EO retains and sets deadlines for NIST to establish an industry consortium that will provide guidance on how software providers can demonstrate the implementation of the SSDF. A preliminary update to the SSDF with practices, procedures, controls, and implementation examples regarding the secure and reliable development and delivery of software as well as the security of the software itself is preserved and a due date of December 1, 2025, is set. In addition, NIST will update Special Publication 800–53 to add “how to securely and reliably deploy patches and updates.” 

Post-Quantum Cryptography (PQC) Migration Remains A Priority, Though Some Changes Could Slow Collaboration And Adoption 

While the new EO strikes subsection 4(f) from EO 14144, its amended replacement continues to recognize the threat posed by a cryptanalytically relevant quantum computer (CRQC) and upholds the transition to PQC. The amendment also introduces a fixed date of December 1, 2025 for 1) release of a regularly updated CISA list of product categories that support PQC, and 2) NSA (for NSS) and OMB (for non-NSS) to issue requirements for agencies to support TLS v1.3 or a successor version no later than January 2, 2030. However, two other notable changes raise some questions: 

PQC support requirements are no longer mandated in product solicitations. The new EO removes including PQC support in product solicitations and adopting PQC or hybrid KEM as soon as practicable. From a procurement and implementation perspective, removing these sections leaves much to the discretion of individual agencies and their risk appetite. This could introduce delays in government-wide migration to PQC. 

International collaboration language has been removed. The amendment notably removes the section calling for engaging with foreign governments and industry groups in key countries to encourage transition to NIST’s standardized PQC algorithms. NIST has been a leader in developing new PQC standards, and strong international collaboration has helped to accelerate that work and led many countries to adopt the NIST standards for themselves. If standardized PQC algorithms are found vulnerable or broken in the future (due to CRQC or just because of discovered flaws in the algorithm), new standards will take time to develop, and less international collaboration could slow new standards development and make interoperability more difficult. 

Other Changes Address Protocols And Emerging Technologies  

The new EO removes a lot of technology specific language, which may allow for more flexibility in implementation. For example, EO 14144 originally mandated that the Federal Government “adopt proven security practices from industry” in the IAM realm and pilot deploying the WebAuthn standard. The new EO removes those sections. The new EO also removes the original references to BGP and its potential vulnerabilities in the Internet routing section. However, these technology specifics could re-appear in some of the published department-level guidance that the EO requires. In addition to those examples, be aware that: 

Fraud and digital identity provisions have been removed. The new EO completely removes Section 5 of EO 14144, titled “Solutions to Combat Cybercrime and Fraud.”  Section 5’s removal marks intent to reduce mandates of specific security technologies federal agencies should use when it comes to managing fraud and digital identities. The new EO also removes initiatives to use digital ID document verification for citizens when using services of the US Federal government.  

Space system cybersecurity is still in orbit, but trajectory is less clear. While the latest EO preserves most cybersecurity requirements for space systems, it notably scales back mandates for space national security systems (NSS). These systems remain critical to national infrastructure and security, yet the EO no longer requires the Committee on National Security Systems to identify specific requirements for intrusion detection, secure booting via hardware roots of trust, and patch management. Instead, it tasks the Committee to identify requirements for cyber defenses broadly. Space cybersecurity is an evolving domain where defense and civilian operators alike are actively seeking government-backed standards to make it easier to cost-effectively maintain space assets. Removing this language may offer more leeway to address broader requirements, but space NSS operators and government agencies will still need to account for the removed components in their existing procurement- and system-lifecycle requirements 

AI provisions include a stronger focus on AI software vulnerabilities. This executive order removes many of the provisions related to using AI in the defense of critical infrastructure, including a pilot program on using AI to protect the energy sector. In addition, it recommends NIST ensure that AI-related software vulnerabilities and compromises are included in agency and interagency vulnerability management processes by November 1, 2025. The same date is also used as a deadline for sharing relevant cyber data with academic institutions for research purposes.    

This is the first major instance of changes to previous executive orders and guidelines in the cybersecurity arena. With the new EO requiring published guidance in several areas before the end of the year, security leaders not only in US federal agencies but also those in adjacent and trickle-down organizations will need to stay on top of the latest updates and prepare for more changes.  To talk more about the impacts to your organization, schedule a guidance session with any of our authors. 



Source link

Tags: CybersecurityexecutiveOrderTrumps
ShareTweetShare
Previous Post

Reeves’ plans contending with the bond market

Next Post

Vanguard seeks SEC approval for tax-busting fund

Related Posts

edit post
Global Retail Media Spend To Top 0 Billion By 2030

Global Retail Media Spend To Top $300 Billion By 2030

by TheAdviserMagazine
October 9, 2025
0

Global retail media spending will grow from $184 billion in 2025 to $312 billion by 2030 at a five-year compound...

edit post
8 S&P 500 Bargains Showing Early Signs of Explosive Rebounds

8 S&P 500 Bargains Showing Early Signs of Explosive Rebounds

by TheAdviserMagazine
October 9, 2025
0

The S&P 500 is up over 13% this year and hit a new record of 6,753.72 points on Wednesday. But...

edit post
Key Drivers & Challenges in Liquid Cooling Market for Stationary BESS

Key Drivers & Challenges in Liquid Cooling Market for Stationary BESS

by TheAdviserMagazine
October 9, 2025
0

The liquid cooling market for stationary battery energy storage systems (BESS) is witnessing rapid growth as energy storage solutions gain...

edit post
How B2B Marketing Leaders Can Organize AI Responsibilities For Business Impact

How B2B Marketing Leaders Can Organize AI Responsibilities For Business Impact

by TheAdviserMagazine
October 8, 2025
0

AI is transforming B2B marketing — from how briefs are written to how campaigns are orchestrated. But while the tools...

edit post
Computer MDF: Modernizing Marketing Development Funds for Manufacturers – Blog & Tips

Computer MDF: Modernizing Marketing Development Funds for Manufacturers – Blog & Tips

by TheAdviserMagazine
October 8, 2025
0

Computer Market Research (CMR): The Ultimate Channel Management Compendium PART 1 Table of Contents for Part 1 Introduction to Channel...

edit post
Trends, Growth, and Future Outlook

Trends, Growth, and Future Outlook

by TheAdviserMagazine
October 8, 2025
0

Cancer remains one of the leading causes of mortality worldwide, with nearly 20 million cases reported in 2022 and projections...

Next Post
edit post
Vanguard seeks SEC approval for tax-busting fund

Vanguard seeks SEC approval for tax-busting fund

edit post
These 10 Hobbies Are Just Distractions from an Unfulfilling Life

These 10 Hobbies Are Just Distractions from an Unfulfilling Life

  • Trending
  • Comments
  • Latest
edit post
What Happens If a Spouse Dies Without a Will in North Carolina?

What Happens If a Spouse Dies Without a Will in North Carolina?

September 14, 2025
edit post
Pennsylvania House of Representatives Rejects Update to Child Custody Laws

Pennsylvania House of Representatives Rejects Update to Child Custody Laws

October 7, 2025
edit post
What to Do When a Loved One Dies in North Carolina

What to Do When a Loved One Dies in North Carolina

October 8, 2025
edit post
Does a Will Need to Be Notarized in North Carolina?

Does a Will Need to Be Notarized in North Carolina?

September 8, 2025
edit post
DACA recipients no longer eligible for Marketplace health insurance and subsidies

DACA recipients no longer eligible for Marketplace health insurance and subsidies

September 11, 2025
edit post
Tips to Apply for Mental Health SSDI Without Therapy

Tips to Apply for Mental Health SSDI Without Therapy

September 19, 2025
edit post
Going for Broke | Mises Institute

Going for Broke | Mises Institute

0
edit post
Binance founder CZ receives alert from Google about possible government-backed attacks

Binance founder CZ receives alert from Google about possible government-backed attacks

0
edit post
Are Post Offices Open or Closed on Columbus Day 2025?

Are Post Offices Open or Closed on Columbus Day 2025?

0
edit post
India’s students are recalibrating value and Australia must play the long game

India’s students are recalibrating value and Australia must play the long game

0
edit post
Comedians criticized for silence on Saudi Arabia human rights record after comedy festival – JURIST

Comedians criticized for silence on Saudi Arabia human rights record after comedy festival – JURIST

0
edit post
Alaska Energy Metals settles K in insider debt with share issuance (OTCQB:AKEMF)

Alaska Energy Metals settles $95K in insider debt with share issuance (OTCQB:AKEMF)

0
edit post
Alaska Energy Metals settles K in insider debt with share issuance (OTCQB:AKEMF)

Alaska Energy Metals settles $95K in insider debt with share issuance (OTCQB:AKEMF)

October 10, 2025
edit post
China’s property slump this year looks worse than expected, S&P says

China’s property slump this year looks worse than expected, S&P says

October 10, 2025
edit post
Binance founder CZ receives alert from Google about possible government-backed attacks

Binance founder CZ receives alert from Google about possible government-backed attacks

October 10, 2025
edit post
XRP Price Struggles Below  as Futures Interest Drops and Whales Dump 440 Million Tokens

XRP Price Struggles Below $3 as Futures Interest Drops and Whales Dump 440 Million Tokens

October 10, 2025
edit post
REITs and InvITs offer low-risk, mid-teen returns; ideal horizon is 5-10 years, says Embassy REIT CFO

REITs and InvITs offer low-risk, mid-teen returns; ideal horizon is 5-10 years, says Embassy REIT CFO

October 9, 2025
edit post
Baby Boomers Are Flocking to This Florida Town — but Not for the Weather

Baby Boomers Are Flocking to This Florida Town — but Not for the Weather

October 9, 2025
The Adviser Magazine

The first and only national digital and print magazine that connects individuals, families, and businesses to Fee-Only financial advisers, accountants, attorneys and college guidance counselors.

CATEGORIES

  • 401k Plans
  • Business
  • College
  • Cryptocurrency
  • Economy
  • Estate Plans
  • Financial Planning
  • Investing
  • IRS & Taxes
  • Legal
  • Market Analysis
  • Markets
  • Medicare
  • Money
  • Personal Finance
  • Social Security
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • Alaska Energy Metals settles $95K in insider debt with share issuance (OTCQB:AKEMF)
  • China’s property slump this year looks worse than expected, S&P says
  • Binance founder CZ receives alert from Google about possible government-backed attacks
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • Contact us
  • About Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.