Forty-nine of 55 requirements under the Biden administration's executive order aimed at bolstering federal IT systems' cybersecurity defenses were noted by the Government Accountability Office to have already been fulfilled by the Cybersecurity and Infrastructure Security Agency, the Office of Management and Budget, and the National Institute of Standards and Technology, reports FedScoop.
Despite the near completion of all requirements, the CISA was found to still lack a list of critical software for federal agencies, which has already been completed by the OMB and NIST, as well as have gaps in the operations of the multi-agency Cyber Safety Review Board.
On the other hand, OMB continued to lag in detailing a required cost analysis on its yearly spending, ensuring federal agencies' sufficient resources for endpoint detection and response adoption, and logging practices. However, most of the EO's requirements, including improved cyber threat sharing, critical software security guidance, and incident response playbooks, have already been achieved by federal agencies, according to the GAO.