The Cybersecurity and Infrastructure Security Agency (CISA) is working towards a September 30 deadline to provide federal agencies with a list of example software products deemed critical for enhancing the federal government’s cybersecurity posture. This initiative stems from the agency’s response to a recent Government Accountability Office oversight report that assesses the implementation of a significant 2021 cybersecurity executive order aimed at bolstering U.S. cyberdefenses.

The identified software products, referred to as “EO-critical software” due to their alignment with the executive order’s mandates, meet specific criteria outlined by the National Institute of Standards and Technology. These products have the capability to manage system privileges, execute actions related to network protections, and control operational technology functions, among other features.

The software catalog, which will include example products, will be shared with federal agencies by CISA’s Cybersecurity Division as part of a top recommendation in the GAO report. This move is essential as the U.S. continues to work towards fulfilling the executive order’s comprehensive directives, with significant progress already achieved.

By providing federal agencies with a list of critical software, CISA aims to enhance their awareness of potential cyber vulnerabilities present in the software they heavily rely on. The agency has been advocating for a “secure by design” approach in software procurement, encouraging manufacturers and vendors to embed cybersecurity features in their products from the outset.

Recent cybersecurity incidents involving Chinese and Russian hackers accessing sensitive agency information have underscored the importance of federal cybersecurity. In response, a new Senate bill has been introduced to establish interoperability and cybersecurity standards for online collaboration tools acquired by the federal government.

Federal agencies have frequently been targets for cyberattacks due to their data-rich environments and insufficient on-site cybersecurity measures. For instance, the Federal Communications Commission and the State Department have both reported phishing schemes targeting their staff members.

With cybersecurity threats evolving rapidly, securing federal agencies’ systems and enhancing their cybersecurity posture remains a top priority for national security officials and lawmakers. The upcoming delivery of the critical software list to federal agencies marks a significant step in fortifying the government’s cyberdefenses.

Fabio

Full Stack Developer
