New Cybersecurity Executive Order: What You Need To Know
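The White House has issued a new cybersecurity Executive Order that aims to modernize federal cybersecurity through key measures such as advancing post-quantum encryption, addressing AI risk and strengthening secure software development. The order requires federal agencies to strengthen AI vulnerability management, support IoT device security, update patching guidance, reinforce critical infrastructure defense and adopt a secure software development framework. It also provides guidance on quantum-resistant encryption and on protecting internet infrastructure such as BGP. The order aims to improve national cybersecurity capabilities to counter increasingly complex threats. 2025-6-11 15:45:0 Author: www.tenable.com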

A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development.

On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces the federal government’s commitment to defending digital systems that power critical services, infrastructure and national security. It also creates renewed urgency for vulnerability management by calling on federal agencies to incorporate management of AI vulnerabilities into their existing vulnerability management practices. 

Key changes introduced by the Executive Order

  1. Addressing AI and IoT security

Rather than impose new restrictions on AI technologies, the EO focuses on visibility and vulnerability management within AI software and systems. It gives federal agencies a November 1, 2025 deadline to incorporate management of AI software vulnerabilities into their existing vulnerability management practices. The EO also supports the launch of the voluntary Cyber Trust Mark program to help secure consumer and federal IoT devices by promoting transparency and baseline protections.

  2. Encouraging stronger patch management

The EO directs the National Institute of Standards and Technology (NIST) to update Special Publication 800-53 (Security and Privacy Controls for Information Systems and Organizations) to provide guidance on how to securely and reliably deploy patches and updates.

  3. Reinforcing critical infrastructure defense

Critical infrastructure operators, particularly in energy, communications and transportation, are called to align with enhanced security standards. This includes deeper coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and adherence to frameworks like the Federal Operational Cybersecurity Alignment (FOCAL) Plan.

  4. Emphasizing secure software development

Federal agencies are now required to adopt updated secure software development practices in line with revised guidelines from NIST. This includes deeper integration of an updated Secure Software Development Framework (SSDF) and improved vendor attestations for software integrity.

  5. Preparing for quantum-safe encryption

Recognizing the long-term risks posed by quantum computing, the EO mandates that federal agencies begin transitioning to post-quantum cryptographic standards. Agencies must inventory current cryptographic assets and develop migration plans to safeguard sensitive data for the future.

  6. Strengthening internet infrastructure

The EO directs action to secure the Border Gateway Protocol (BGP), a foundational component of internet routing. Agencies are expected to assess and strengthen their network infrastructure to protect against BGP hijacking and related risks.

  7. Aligning policy to practice

Notably, the EO states that “Agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks.” It further calls on the Director of the Office of Management and Budget to issue guidance for addressing critical risks and adapting modern practices and architectures across federal information systems and networks. 

Why it matters for federal agencies

This EO reinforces the importance of shifting from reactive to proactive cybersecurity. By addressing emerging risks — such as AI exploitation, post-quantum threats and software supply chain weaknesses — the administration is signaling the need for adaptability and continuous improvement. The EO also underscores the need for secure patch management, enhanced critical infrastructure standards and coordination with CISA, and a push for federal agencies to align their policies, investments and practices to better manage cyber risks.

How Tenable can help

As a long-time partner of the federal government, Tenable provides FedRAMP authorized solutions to help federal agencies proactively identify and reduce cyber exposures. Tenable One FedRAMP delivers unified visibility and risk-based prioritization across IT, OT, cloud infrastructure and identity systems. Tenable is proud to be one of the original signatories of CISA’s “Secure by Design” Pledge and an active partner of the National Cybersecurity Center of Excellence. We’ve articulated to our customers how we’ve taken steps to implement the provisions of the pledge.

With capabilities aligned to secure software development practices, continuous vulnerability management, cryptographic asset discovery and AI-aware risk detection, Tenable empowers agencies to meet the evolving mandates of the Executive Order. By integrating comprehensive risk-based insights into existing security workflows, Tenable helps agencies operationalize zero-trust principles, understand how to securely and promptly deploy patches and updates, accelerate incident response and maintain continuous compliance, all while strengthening overall cyber resilience in support of national security objectives. 


James Hayes

Senior Vice President of Global Government Affairs

James joined Tenable in 2017 as Vice President of Global Government Affairs and was promoted to Senior Vice President in 2022. He is a recognized government affairs executive with 20 years of public- and private-sector experience. Known for his strong business acumen, broad legislative expertise and bipartisan track record, James provides government and industry leaders strategic counsel on cybersecurity and technology policy.

  • Federal
  • Government
  • Public Policy
  • Risk-based Vulnerability Management
  • Security Frameworks

Source: https://www.tenable.com/blog/new-cybersecurity-executive-order-what-you-need-to-know