Weeks into 2022, following a record-breaking year of more than 1,200 cyber attacks, President Biden’s White House has issued a memo calling for U.S. federal agencies to prioritize security enhancements and establish reporting policies to better protect against attacks. With the increase in attacks and a report from IBM stating that the average cost of a data breach in 2021 totaled $4.24 million, it is more critical than ever for public and private organizations to establish a strong security posture.
This memo comes as a follow up to a previous White House memo in May 2021, addressing the cybersecurity threats the U.S. faces.
Details About the Memo
The memo outlines the ways U.S. government agencies must “improve its efforts to identify, deter, protect against, detect, and respond to malicious cyber campaigns and their actors through bold changes and significant investments in cybersecurity.”
Cyber hygiene and protective measures. Per the memo, the White House has established timelines and requirements for the agencies to implement multi-factor authentication (MFA), cloud technology, zero trust architecture (ZTA), endpoint detection, and related security tools. The memo outlines implementation deadlines ranging from 30 to 120 days.
Incident reporting. To provide more transparency and visibility on cyber attacks and threats against government agencies, the memo states that agencies will be required to identify their national security systems and report incidents to the National Security Agency (NSA).
Operational directives. As an extension on the incident reporting and visibility requirements outlined in the memo, the White House has directed the NSA to create binding operational directives in the next 30 days, to act on cybersecurity threats and directives.
Cross-domain solutions inventories. To better protect sensitive and classified data, U.S. agencies will be required to inventory the systems that transfer data between classified and unclassified systems and establish strong protection standards over the next 60 days.
While unfunded, this memo is a step in the right direction as more enterprises and organizations move toward a zero trust architecture, to continuously authenticate access and minimize cyber threat. Plurilock’s zero trust platform is a critical piece of a ZTA, offering an innovative way to protect your organization’s technology ecosystem.
For more information on zero trust, download our guide on Plurilock and the NIST 800-207 guidance, download our white paper Catching Up to the New Normal with Zero Trust, and download our authentication guide.