Cybersecurity takes a big hit in new Trump executive order
Briefly

The article discusses changes to cybersecurity requirements that affect federal contractors, initiated by executive orders from Presidents Biden and Trump. A Biden EO mandated self-attestation for compliance with security frameworks, while Trump's EO removed that requirement and tasked NIST with creating a less stringent implementation guide. Critics worry this rollback will enable contractors to avoid fulfilling necessary security measures. The Trump EO additionally revokes mandates for quantum-resistant encryption, reversing Biden's effort to enhance cybersecurity in the face of advancing technology.
That will allow folks to checkbox their way through 'we copied the implementation' without actually following the spirit of the security controls in SP 800-218.
Very few organizations actually comply with the provisions in SP 800-218 because they put some onerous security requirements on development environments, which are usually [like the] Wild West.
Read at Ars Technica