The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

New White House Memo Aims to Strengthen National Security Systems

by Chris Brook on Thursday January 20, 2022

Contact Us
Free Demo

A new White House memo gives greater power to the NSA in its fight to protect sensitive government data.

The White House took yet another step this week to strengthen the nation's cybersecurity posture, signing a memorandum that should help bolster the security of sensitive government networks.

In a National Security Memorandum (NSM) on Wednesday, President Biden granted additional authority to the National Security Agency in its role protecting networks belonging to the Defense Department, intelligence agencies, and federal contractors. Included in the NSM is guidance on rolling out multifactor authentication, encryption, cloud technologies, and endpoint detection services, if government agencies haven't already done so.

The memo entrusts the National Security Agency - the memo codifies its role as National Manager for National Security Systems - to hold agencies accountable by creating Binding Operational Directives for agencies to follow when it comes to outlining measures to safeguard their networks.

Another requirement, under the memo, will be for agencies to take stock in any cross-domain solutions, tools that transfer data between classified and unclassified systems, they may have in place. The NSA meanwhile, will be responsible for establishing security standards and testing requirements to better fortify these solutions.

“Adversaries can seek to leverage these tools to get access to our classified networks, and the NSM directs decisive action to mitigate this threat,” the memo reads.

The memo comes with a handful of timelines that vary from 30 days to 180 days. For example, the NSA has 30 days to work with the Secretary of Defense and the Director of National Intelligence to determine under what kind of circumstances the aforementioned Binding Operational Directive could be used. Agencies that have cross-domain solutions in place have 60 days to supply the NSA with information about those deployments. Agencies have 180 days to identify if they're using encryption not in compliance with the NSA,

One of the ideas behind the memo is that defense and intelligence organizations will be able to better communicate cybersecurity issues, like hacks, when they happen by reporting them directly to the NSA.

The memo also encourages further collaboration; its asking the Department of Homeland Security to work closer with the NSA on any issues that could impact both national security systems and federal civilian executive branch systems.

The action builds on last May’s Executive Order which required federal agencies to prioritize cloud adoption, identify sensitive data and update the protections for that data, encrypt data at rest and in transit, implement multi-factor authentication, and meet expanded logging requirements.

Tags: Government

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.