Section 3 of the EO puts the onus on the government to lead the adoption of cybersecurity best practices such as zero trust and secure cloud services, and to consistently deploy foundational tools like multifactor authentication (MFA) and encryption (for data at rest and in transit)
Government agencies must:
- Update their existing plans for the adoption and use of cloud technology
- Develop plans for how they’ll implement zero trust architecture (ZTA)
- Deploy MFA and encryption
In addition, the General Services Administration (GSA) is tasked with modernizing the Federal Risk and Authorization Management Program (FedRAMP) by establishing training, incorporating automation, and streamlining documentation.