Sustaining Efforts To Strengthen Cybersecurity & Amending EOs

Jun 11, 2025

Summary

Changes existing rules to better protect the nation's computer systems from attacks by countries like China, Russia, Iran, and North Korea.

What problem does this solve?

Foreign countries and criminals are constantly attacking U.S. computer networks, which costs money and puts Americans' safety and privacy at risk. This order updates national cybersecurity rules to better defend against these specific threats and prepare for future challenges like quantum computing.

Who does this affect?

  • Federal government agencies
  • Technology companies selling to the government
  • Manufacturers of Internet-of-Things (IoT) devices

What does this order do?

Names specific foreign cyber threats
Updates U.S. policy to state that China presents the most active cyber threat, along with significant threats from Russia, Iran, and North Korea.
Prepares for quantum computing threats
Orders government agencies to get ready for powerful quantum computers that could break today's security codes. Agencies must support stronger security protocols by 2030.
Requires a 'Cyber Trust Mark' for smart devices
Directs that by January 4, 2027, companies selling consumer smart devices (Internet-of-Things) to the government must have a 'United States Cyber Trust Mark' label.
Uses artificial intelligence for cyber defense
Promotes the use of AI to help defend against cyber attacks by making government data available for research and requiring agencies to manage AI software weaknesses.
Updates rules for secure software
Directs the National Institute of Standards and Technology (NIST) to create a group with industry to develop better guidance for secure software and to update federal standards.
Clarifies sanctions for cyber attacks
Amends a previous order to make it clear that penalties for harmful cyber activities apply to 'foreign persons' specifically.

What is the real world impact?

Prepares for future technology risks
Addresses new threats from artificial intelligence and powerful quantum computers, which could break current security codes, by requiring agencies to plan for new safety standards.
Strengthens the government's digital defenses
Updates and continues cybersecurity programs to better protect federal networks and important services from ongoing and more advanced cyber attacks.

When does this start?

This order takes effect immediately on June 6, 2025, and includes several deadlines for federal agencies over the next few years.
Secure software group
By August 1, 2025, a group with industry must be established to create guidance on secure software practices.
Update patch guidance
By September 2, 2025, NIST must update its guidance on how to safely apply software patches and updates.
Make AI datasets available
By November 1, 2025, government agencies must make datasets for cyber defense research available to scientists.
Update secure software framework
By December 1, 2025, NIST must publish a preliminary update to the Secure Software Development Framework (SSDF).
List post-quantum cryptography products
By December 1, 2025, the government must release a list of product types that support new, quantum-resistant security.
Require Cyber Trust Mark for vendors
By January 4, 2027, agencies must require government vendors of consumer smart devices to carry the U.S. Cyber Trust Mark label.
Support for new security protocol
By January 2, 2030, government agencies must support a stronger security protocol (TLS 1.3) to prepare for quantum computing threats.