Voglio sapere a riguardo di…

26633

Presidential Documents
Federal Register Vol. 86, No. 93
Monday, May 17, 2021

Title 3

Executive Order 14028 of May 12, 2021

The President
Improving the Nations Cybersecurity By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American peoples security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.
Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data information technology IT and those that run the vital machinery that ensures our safety operational technology OT.
It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.
Sec. 2. Removing Barriers to Sharing Threat Information. a The Federal Government contracts with IT and OT service providers to conduct an array of day-to-day functions on Federal Information Systems. These service providers, including cloud service providers, have unique access to and insight into cyber threat and incident information on Federal Information Systems. At the same time, current contract terms or restrictions may limit the sharing of such threat or incident information with executive departments and agencies agencies that are responsible for investigating or remediating cyber incidents, such as the Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and other elements of the Intelligence Community IC. Removing these contractual barriers and increasing the sharing of information about such threats, incidents, and risks are necessary steps to accelerating incident deterrence, prevention, and response efforts and to enabling more effective defense of agencies systems and of information collected, processed, and maintained by or for the Federal Government.

VerDate Sep<11>2014

15:52 May 14, 2021

Jkt 253001

PO 00000

Frm 00001

Fmt 4705

Sfmt 4790

E:FRFM17MYE0.SGM

17MYE0