On January 19, 2022, President Biden signed National Security Memorandum-8, Improving Cybersecurity of National Security, DOD, and Intelligence Community Systems. This long awaited NSM requires that, at minimum, National Security Systems employ the same network cybersecurity measures as those required of federal civilian networks in Executive Order 14028. The NSM builds on the Biden Administration’s work to protect the United States from sophisticated malicious cyber activity, from both nation-state actors and cyber criminals.
The full memorandum can be found here: https://www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/
Per an NSA news release, the memorandum provides the National Manager the authority to issue binding directions to departments and agencies operating NSS to take action against cybersecurity threats and vulnerabilities. Therefore, all departments and agencies operating NSS will now report to the National Manager on both the status of mitigation actions taken in response to a specific cyber incident as well as provide assessments of the overall impact to their systems. Furthermore, departments and agencies are also required to notify the National Manager of known or suspected incidents or compromises of NSS.
In summary, key measures of NSM-8 include the following:
- Specifies how the provisions of EO 14028 apply to National Security Systems.
- Improves the visibility of cybersecurity incidents that occur on these systems.
- Requires agencies to act to protect or mitigate a cyber threat to National Security Systems.
- Requires agencies to act to protect or mitigate a cyber threat to National Security Systems.
What is a National Security System?
National Security Systems are defined in the United State Code in section 44 U.S.C 3553 {e} {2}) and {e} {3}.
E2 defines NSS as networks operated by DOD, a contractor of DOD or another entity on behalf of DOD that possesses any information that if disclosed, disrupted, modified, or destroyed would have a deliberating impact on DOD.
E3 defines NSS as networks operated by Intelligence Community (IC) members, contractors of the IC, or another entity on behalf of the IC that possesses information that if disclosed, disrupted, modified, or destroyed would have a deliberating impact on the IC.
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.
More Blog Posts
