OMB official reviews progress six months after the cyber EO


A federal official tasked with overseeing the execution of the cybersecurity executive order the president signed six months ago said agencies have "come a long way" in meeting its aggressive deadlines and ambitious targets.

Steven McAndrews, director of federal civilian cybersecurity for the Office of Management and Budget (OMB), said his office was working closely with agencies and industry partners after laying out a vision through a series of guidelines to help stakeholders improve their cyber posture.

"Today is the 180-day mark of the cyber EO. We have come a long way in these six months," McAndrews said on Monday at ACT-IAC's Imagine Nation ELC 2021 conference. "We started establishing the policies that are going to get us to the end state that we're looking for."

The executive order required all federal agencies to adopt multi-factor authentication and encryption for data at rest and in transit by Monday, 180 days after President Joe Biden announced the sweeping directives.

OMB and its partners, including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST), have meanwhile released a steady stream of guidance instructing agencies on how to meet the requirements outlined in the executive order. Those guidance documents include a federal zero trust strategy OMB released earlier this year, which sets key security outcomes for agencies in order to establish baseline cybersecurity requirements.

CISA has also launched multiple efforts to engage key stakeholders and ensure agencies were on track to meet deadlines, including a joint website with OMB covering zero trust implementation.

McAndrews said OMB was planning to soon release new policies and guidelines that further address critical cybersecurity needs, while working to produce "logical timelines, roadmaps and metrics" designed to create consistency across the federal government.

"The memos and the policies that we've put out tie directly to each of the sections laid out in the EO," he said. "There's copious amounts of deliverables throughout the [EO] and we've taken it piece-by-piece, one section at a time to make sure that we're addressing them and giving them our full attention and … setting up policies to be successful at every agency."

Even as McAndrews spoke, federal cyber officials were reacting to yet another major cyberattack, this one with links to China, in which a threat actor "successfully compromised at least nine global entities across the technology, defense, healthcare, energy and education industries," according to a report from the security firm Palo Alto Networks.

About the Author

Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.

