Page:Executive Order 14144.pdf/4

6758
Federal Register / Vol. 90, No. 11 / Friday, January 17, 2025 / Presidential Documents



in identity and access management—in order to improve visibility of security threats across networks and strengthen cloud security.

(b) To prioritize investments in the innovative identity technologies and processes of the future and phishing-resistant authentication options, FCEB agencies shall begin using, in pilot deployments or in larger deployments as appropriate, commercial phishing-resistant standards such as WebAuthn, building on the deployments that OMB and CISA have developed and established since the issuance of Executive Order 14028. These pilot deployments shall be used to inform future directions for Federal identity, credentialing, and access management strategies.

(c) The Federal Government must maintain the ability to rapidly and effectively identify threats across the Federal enterprise. In Executive Order 14028, I directed the Secretary of Defense and the Secretary of Homeland Security to establish procedures to immediately share threat information to strengthen the collective defense of Department of Defense and civilian networks. To enable identification of threat activity, CISA’s capability to hunt for and identify threats across FCEB agencies under 44 U.S.C. 3553(b)(7) must be strengthened.

(i) The Secretary of Homeland Security, acting through the Director of CISA, in coordination with the Federal Chief Information Officer (CIO) Council and Federal Chief Information Security Officer (CISO) Council, shall develop the technical capability to gain timely access to required data from FCEB agency endpoint detection and response (EDR) solutions and from FCEB agency security operation centers to enable:
(A) timely hunting and identification of novel cyber threats and vulnerabilities across the Federal civilian enterprise;
(B) identification of coordinated cyber campaigns that simultaneously target multiple agencies and move laterally across the Federal enterprise; and
(C) coordination of Government-wide efforts on information security policies and practices, including compilation and analysis of information about incidents that threaten information security.
(ii) Within 180 days of the date of this order, the Secretary of Homeland Security, acting through the Director of CISA, in coordination with the Federal CIO and CISO Councils, shall develop and release a concept of operations that enables CISA to gain timely access to required data to achieve the objectives described in subsection (c)(i) of this section. The Director of OMB shall oversee the development of this concept of operations to account for agency perspectives and the objectives outlined in this section and shall approve the final concept of operations. This concept of operations shall include:
(A) requirements for FCEB agencies to provide CISA with data of sufficient completeness and on the timeline required to enable CISA to achieve the objectives described in subsection (c)(i) of this section;
(B) requirements for CISA to provide FCEB agencies with advanced notification when CISA directly accesses agency EDR solutions to obtain required telemetry;
(C) specific use cases for which agencies may provide telemetry data subject to the requirements in subsection (c)(ii)(A) of this section as opposed to direct access to EDR solutions by CISA;
(D) high-level technical and policy control requirements to govern CISA access to agency EDR solutions that conform with widely accepted cybersecurity principles, including role-based access controls, “least privilege,” and separation of duties;
(E) specific protections for highly sensitive agency data that is subject to statutory, regulatory, or judicial restrictions to protect confidentiality or integrity; and