Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

From: The White House

EXECUTIVE ORDER

– – – – – – –

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

By the authority vested in me as President by the Constitution and the laws of the United States of America, and to protect American innovation and values, it is hereby ordered as follows:

Section 1.  Cybersecurity of Federal Networks.

OIRA Reiterates: The Data Quality Act “applies to all information disseminated from Federal websites”

Editor’s Note: Memorandum M-17-06, Policies for Federal Agency Public Websites and Digital Services, signed the Director of OMB, the Administrator of OIRA, and the Federal CIO is available here. Below is an excerpt. Cross-posted from OIRA Watch.

From: The White House

11. Ensure Information Quality and Accuracy

The Internet enables agencies to communicate information quickly and easily to a wide audience, which, while of great benefit to society, also increases the potential harm that can result from disseminating incorrect information. Taking this into account, information disseminated from Federal Government websites and digital services, or from third-party services on behalf of the Government, is expected to be authoritative and reliable.

Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software

Editor’s Note: The complete OMB Memorandum M-16-21 is available here. Below is an excerpt.

From: Office of Management and Budget | Memorandum M-16-21

By Tony Scott, United States Chief Information Officer and Anne E. Rung, United States Chief Acquisition Officer

1. Objectives

This policy will accomplish the following objectives:

• Provide a policy to agencies 19 on considerations that must be made prior to acquiring any custom-developed code;

• Require agencies to obtain appropriate Government data rights to custom-developed code, including at a minimum, rights to Government-wide reuse and rights to modify the code. Agencies shall make such custom-developed code broadly available across the Federal Government, subject to limited exceptions;20

Annex for Presidential Policy Directive 41 — United States Cyber Incident Coordination

SUBJECT:  Federal Government Coordination Architecture for Significant Cyber Incidents
I.   Scope

This annex to PPD-41, United States Cyber Incident Coordination Policy, provides further details concerning the Federal Government coordination architecture for significant cyber incidents and prescribes certain implementation tasks.

II.  Coordination Architecture

Managing Federal Information as a Strategic Resource

From: The White House

by Tony Scott, Howard Shelanski, Anne Rung, Marc Groman

Summary:  Today, OMB is releasing an update to Circular A-130, the Federal Government’s governing document for the management of Federal information resources.

Today the Office of Management and Budget (OMB) is releasing an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource.

Presidential Policy Directive — United States Cyber Incident Coordination

PRESIDENTIAL POLICY DIRECTIVE/PPD-41

SUBJECT: United States Cyber Incident Coordination

The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased the Nation’s economic prosperity. However, the same infrastructure that enables these benefits is vulnerable to malicious activity, malfunction, human error, and acts of nature, placing the Nation and its people at risk. Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad.

OMB Memorandum M-05-24: Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors

Editor’s Note: A pdf of the complete Memorandum including the attachments is available here.

From: Executive Office of the President | The Office of Management and Budget

M-05-24

August 5, 2005

MEMORANDUM FOR THE HEADS OF ALL DEPARTMENTS AND AGENCIES

FROM: Joshua B. Bolten, Director

SUBJECT: Implementation of Home land Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors

On August 27, 2004, the President signed HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors” (the Directive). The Directive requires the development and agency implementation of a mandatory, government-wide standard for secure and reliable forms of identification for Federal employees and contractors. As required by the Directive, the Department of Commerce issued Federal Information Processing Standard 201 (the Standard). This memorandum provides implementing instructions for the Directive and the Standard.

Executive Order 13636, Improving Critical Infrastructure Cybersecurity

From: The White House

EXECUTIVE ORDER

– – – – – – –

IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY

 

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Presidential Policy Directive/PPD-21 — Critical Infrastructure Security and Resilience

From: The White House

PRESIDENTIAL POLICY DIRECTIVE/PPD-21

SUBJECT: Critical Infrastructure Security and Resilience

The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.

Introduction

The Nation’s critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure – including assets, networks, and systems – that are vital to public confidence and the Nation’s safety, prosperity, and well-being.

Gift Basket on Mitigating Insider Threats

From: The White House

This gift basket records the intent of Armenia, Australia, Belgium, Canada, Chile, Czech Republic, Finland, Georgia, Germany, Hungary, Israel, Italy, Japan, Jordan, Kazakhstan, Mexico, Morocco, the Netherlands, Nigeria, Norway, Republic of Korea, Romania, Spain, Sweden, Thailand, United Kingdom, United States and INTERPOL to establish and implement national-level measures to mitigate the insider threat.

Insiders generally possess access rights which, together with their authority and knowledge, grant them far greater opportunity than outsiders to bypass dedicated nuclear and radiological security elements or other provisions such as safety systems and operating procedures.  Insiders, as trusted personnel, are capable of methods of defeat that may not be available to outsiders.  As such, insiders—acting alone or in concert with outsiders—pose an elevated threat to nuclear security.