It was recently reported by a White House memo that federal agencies have sixty days to identify critical software in their systems and secure them.
Indeed, this aims to improve the United States’ cybersecurity by defining and pinpointing critical software so as to reinforce the security around these. The National Institute of Standards and Technology was told to define critical software for agencies, as it can apply to software of all forms including standalone software, software integral to specific devices or hardware components, and cloud-based software purchased for or deployed for operational purposes.
As the US is more and more threatened by sophisticated malicious cyber campaigns that risk endangering citizens’ security and privacy, it is then vital that the Federal Government improve its efforts to identify and respond to these campaigns and their perpetrators.
Hence, agencies are told to focus first on identifying credential and access management, operating systems, and network security before implementing critical software guidance. They then have a year to put on security measures and incorporate them for each critical software.