In June 2025, the White House issued an executive order that quietly eliminated several key federal cybersecurity requirements. In this episode of Cyberside Chats, Sherri and Matt break down exactly what changed—from the removal of secure software attestations to the rollback of authentication requirements—and what remains in place, including post-quantum encryption support and the FTC’s Cyber Trust Mark. We’ll talk about the practical impact for security leaders, why this mirrors past challenges like PCI compliance, and what your organization should do next.

1. Don’t Drop SBOMs or Attestations — Build Them Into Contracts Anyway
   Even without a federal requirement, insist on SBOMs and secure development attestations in vendor agreements. Transparency reduces your risk.
2. Re-Evaluate Third-Party Software Risk Practices Now
   With no centralized validation, it's up to you to verify vendors' claims. Strengthen your third-party risk management processes accordingly.
3. Watch for Gaps in MFA, Encryption, and Identity Standards
   Don’t assume basic protections are baked in. Federal rollback may signal declining baseline expectations—so enforce your own.
4. Prepare for Industry-Led Enforcement — From Insurers, Buyers, and Info-Sharing Groups
   Expect cyber insurers, large enterprises, ISACs/ISAOs, and professional groups to lead on software transparency. Get ahead by aligning now.

Resources:

1. Full Text of the June 6, 2025 Executive Order: https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144

2. LMG Security: Software Supply Chain Security – Understanding and Mitigating Major Risks: https://www.lmgsecurity.com/software-supply-chain-security-understanding-and-mitigating-major-risks/

3. The Record’s Breakdown: Trump Order Rolls Back Key Federal Cybersecurity Rules: https://therecord.media/trump-cybersecurity-executive-order-june-2025