White House Order Mandating Software Breach Notifications Could Come Next Week
CISA warns of two new Microsoft Exchange web shells, Google fails to mention that Western governments were behind eleven flaws it discovered, Security hole that allowed SMS rerouting plugged, more
A draft Biden administration executive order that could be released as early as next week would require many software vendors to notify their federal government customers when the companies have a cybersecurity breach. The disclosure requirement is intended to override non-disclosure agreements, which vendors have said limited information sharing, and allow officials to view more intrusions.
The order would require organizations to preserve more digital records and work with the FBI and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, known as CISA, when responding to incidents.
The order would also require multi-factor authentication and encryption of data inside federal agencies. It would impose additional rules on programs deemed critical, such as requiring a “software bill of materials” that spells out the supply chain. (J…