Content provided by Chatcyberside. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chatcyberside or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

Duration: 19:39

In June 2025, the White House issued an executive order that quietly eliminated several key federal cybersecurity requirements. In this episode of Cyberside Chats, Sherri and Matt break down exactly what changed—from the removal of secure software attestations to the rollback of authentication requirements—and what remains in place, including post-quantum encryption support and the FTC’s Cyber Trust Mark. We’ll talk about the practical impact for security leaders, why this mirrors past challenges like PCI compliance, and what your organization should do next.

Key Takeaways (for CISOs and Security Leaders)
  1. Don’t Drop SBOMs or Attestations — Build Them Into Contracts Anyway
    Even without a federal requirement, insist on SBOMs and secure development attestations in vendor agreements. Transparency reduces your risk.
  2. Re-Evaluate Third-Party Software Risk Practices Now
    With no centralized validation, it's up to you to verify vendors' claims. Strengthen your third-party risk management processes accordingly.
  3. Watch for Gaps in MFA, Encryption, and Identity Standards
    Don’t assume basic protections are baked in. Federal rollback may signal declining baseline expectations—so enforce your own.
  4. Prepare for Industry-Led Enforcement — From Insurers, Buyers, and Info-Sharing Groups
    Expect cyber insurers, large enterprises, ISACs/ISAOs, and professional groups to lead on software transparency. Get ahead by aligning now.

Resources:

  1. Full Text of the June 6, 2025 Executive Order: https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144
  2. LMG Security: Software Supply Chain Security – Understanding and Mitigating Major Risks: https://www.lmgsecurity.com/software-supply-chain-security-understanding-and-mitigating-major-risks/
  3. The Record's Breakdown: Trump Order Rolls Back Key Federal Cybersecurity Rules: https://therecord.media/trump-cybersecurity-executive-order-june-2025
