SAN FRANCISCO: People consulted about the draft order said Thursday that the planned executive order for the Biden administration would require many software vendors to notify their customers from the federal government when companies have a cybersecurity breach.
A spokeswoman for the National Security Council said no decision had been taken on the final content of the executive order. Reuters revised the draft order.
The solar wind breakthrough, which emerged in December, showed that “the federal government needs to be able to investigate and address threats to the services they provide to the American people early and quickly. Simply put, you can’t fix what you don’t. You know.
The proposed order outlines several digital security recommendations, including notification requirements for service providers, according to the four people familiar with the plan.
It will also require vendors to maintain more digital records to investigate breaches and work with the FBI and Homeland Security’s Cybersecurity Infrastructure Security Agency, known as CISA, when responding to incidents.
In practice, the change will occur through updates to federal acquisition rules. Two people familiar with the plans said the major software companies selling to the government, such as Microsoft or SalesForce, would be affected by the change.