Three years on from Biden infosec EO, and we're still trying to check all the boxes

It's taking time, but isn't a dead issue, US Government Accountability Office security director Marisol Cruz Cain says

interview It's been several years since President Biden signed an executive order to improve America's cybersecurity. The US Government Accountability Office said recently there's still a number of critical goals stemming from that order to accomplish.

To be fair, 49 of the 55 objectives have been met, the GAO said in a report. Unfortunately, those that remain are rather important, Marisol Cruz Cain, GAO director of information technology and cybersecurity – and author of the report – told The Register in an interview you can watch below. 

"I think they're all pretty critical," Cruz Cain told us of the outstanding tasks. You can see the full interview below.

Youtube Video

Those items include the need for several government agencies to define what they believe is meant by "critical software," a crucial step in protecting the nation's IT.

"CISA told us they have a preliminary definition and also [a] preliminary list of what would be considered critical software, but they're still refining it," Cruz Cain said. "Along with NIST and OMB [United States Office of Management and Budget], they told us that they plan on getting that out in September of 2024." 

With a presidential election coming up in November, Cruz Cain doesn't think there's any real possibility that an incoming administration would undo the progress enabled by the 2021 cybersecurity executive order

"Information security is a bipartisan issue," Cruz Cain said. "Everybody wants all systems protected." ®

More about


Send us news

Other stories you might like