The latest cybersecurity executive order, issued in June of 2025, aims to streamline past administrations' cybersecurity executive actions and strip mandates seen as overly prescriptive or ideological. It also introduces new guidelines and mandates to strengthen cyber practices within the government and private sector.
Key Updates to Historical Guidance
The order updates sanctioning policies from the Obama administration that allow the government to financially punish people involved in hacking activities that harm U.S. national security. This latest order "limits the application of cyber sanctions only to foreign malicious actors" to prevent the "misuse against domestic political opponents."
Cyber guidance issued in the waning days of the Biden administration encouraged government agencies to ramp up use of digital ID technologies. The latest EO strikes this mandate based on the belief that digital ID could lead to greater fraud and abuse.
Securing Software Development
The order directs the Commerce Department and its National Institute of Standards and Technology (NIST) to work with private industry to improve how software is built and secured. This consortium must be established and begin work by August 1. NIST is also required to issue several updates to existing guidance, including:
- Special Publication 800-53 (Security and Privacy Controls for Information Systems and Organizations) to provide guidance on how to securely and reliably deploy patches and updates by September 1.
- Secure Software Development Framework to suggest "practices, procedures, controls, and implementation examples regarding the secure and reliable development and delivery of software as well as the security of the software itself" by December 1.
The order also includes a security certification program similar to an effort launched under the Biden Administration. Any smart devices the government buys will need to carry a "Cyber Trust Mark" label by January 2027, showing they meet baseline security standards.
Preparing for Post Quantum Cryptography
The new order addresses the reality that quantum computing will eventually break much of the public-key cryptography now used in the U.S. and around the world. It expands calls in Biden-era EOs to prepare for a post-quantum reality, directing the National Security Administration and the Office of Management and Budget to issue government agency standards for post-quantum cryptography by December 2025 in order to drive the implementation of tougher security protections by 2030. It also directs the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency to "release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography are widely available" by this December.
Protecting AI Vulnerabilities
The order tasks a set group of civilian agencies--the Commerce Department, NIST, DHS, the Energy Department, and the National Science Foundation--to ensure that "existing datasets for cyber defense research have been made accessible to the broader academic research community (either securely or publicly) to the maximum extent feasible, in consideration of business confidentiality and national security." The directive is that these data sets be ready for use by November 1.
DHS, the Defense Department, and the Director of National Intelligence are also directed to "incorporate management of AI software vulnerabilities and compromises into their respective agencies' existing processes and interagency coordination mechanisms for vulnerability management." This means they must begin treating AI software flaws like any other cybersecurity risk--tracking, reporting and sharing indicators of compromise as part of their existing incident response systems.
To stay up to date on cybersecurity trends and policies, check out these resources from GovEvents and GovWhitePapers.
- 16th Annual Billington Cybersecurity Summit (September 9-12; Washington, DC) - Learn about the latest cybersecurity trends, best practices, and threats. This year's theme, Advancing Cybersecurity in the AI Age, will bring a special emphasis on the increasing impact that AI is having on the cyber world at all levels.
- Strengthening Cybersecurity Through Innovation, Collaboration, & Resilience (September 22, 2025; webcast) - There is a critical conversation to be held on safeguarding U.S. critical infrastructure against persistent and evolving cyber threats. With global adversaries increasingly targeting power grids, communications networks, water systems, and other essential services, the urgency to fortify national cybersecurity has never been greater.
- National Cyber Summit 2025 (September 23-25, 2025; Huntsville, AL) - This event offers unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. It connects senior cyber-tech leaders to those just starting in cyber-tech fields to build a stronger and more resilient cyber workforce in government, industry, and academia.
- Navigating the Future of Cybersecurity with Artificial Intelligence (white paper) - As cybersecurity threats grow more sophisticated, using AI becomes essential for protecting vital civilian infrastructure and services. This white paper by the AFCEA International Cyber Committee examines the transformative role of AI in enhancing cybersecurity and provides a global comparative analysis.
- Prioritizing Cybersecurity Risk for Enterprise Risk Management (white paper) - This paper outlines methods for assessing risks, selecting responses, and integrating cybersecurity into broader risk-management frameworks. By aligning cybersecurity priorities with business objectives, organizations can make informed decisions that enhance resilience and reduce uncertainty.
- Post Quantum Computing Security (white paper) - The rise of quantum computing presents a significant threat to traditional encryption methods, potentially jeopardizing the security of wireless networks and the broader internet. While cryptographically relevant quantum computers may still be years away, the risk is already present, as adversaries could store encrypted data today and decrypt it later when quantum capabilities become available. In response, organizations like NIST and IETF are developing post-quantum cryptographic standards to safeguard communications.
For more information on cybersecurity in government, search for additional events and resources on GovEvents and GovWhitePapers.
