Nearly All Cybersecurity Mandates from 2021 EO Achieved — US GAO Report

A recent report from the U.S. Government Accountability Office (GAO) reveals that only six out of the numerous leadership and oversight mandates outlined in the 2021 Executive Order on enhancing national cybersecurity are yet to be fulfilled by the responsible agencies.

The three key agencies primarily responsible for the implementation of these requirements are the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), and the Office of Management and Budget (OMB).

The report highlights that a commendable 49 out of the 55 requirements set forth by President Joe Biden to fortify federal IT systems against cyber threats have been successfully executed.

Additionally, five requirements are partially completed, while one has been deemed "not applicable" due to its timing in relation to other stipulations, as per the findings of the GAO.

The GAO has issued two recommendations to DHS and three to OMB in order to ensure the complete implementation of the executive order's mandates.

“DHS agreed with recommendations to further define critical software and improve operations of the Cyber Safety Review Board. OMB stated it had no comments on GAO’s report,” the report said.

“CISA and OMB have taken steps to ensure that service providers share needed data on cyber threats, incidents, and risks. For example, in September 2021, CISA and OMB issued a joint statement that a major service provider would share its information on cyber incidents and threat actors with federal agencies.”