
"That will allow folks to checkbox their way through 'we copied the implementation' without actually following the spirit of the security controls in SP 800-218."
"Very few organizations actually comply with the provisions in SP 800-218 because they put some onerous security requirements on development environments, which are usually [like the] Wild West."
The article discusses changes to cybersecurity requirements that affect federal contractors, initiated by executive orders from Presidents Biden and Trump. A Biden EO mandated self-attestation for compliance with security frameworks, while Trump's EO removed that requirement and tasked NIST with creating a less stringent implementation guide. Critics worry this rollback will enable contractors to avoid fulfilling necessary security measures. The Trump EO additionally revokes mandates for quantum-resistant encryption, reversing Biden's effort to enhance cybersecurity in the face of advancing technology.
Read at Ars Technica