NIST’s Responsibilities Under the January 2025 Executive Order
Overview
The President’s Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, issued on January 16, 2025, charges multiple agencies – including NIST – with improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and the use of emerging technologies for cybersecurity.
NIST is directly responsible for several actions in the EO, summarized below:
Operationalizing Transparency and Security in Third-Party Software Supply Chains
- Develop and publish an update to the Secure Software Development Framework (SSDF).
- Establish a consortium with industry to develop guidance that demonstrates the implementation of secure software development, security, and operations practices based on the SSDF.
- Update NIST SP 800-53 to provide guidance on how to securely and reliably deploy patches and updates.
Securing Federal Communications
- Publish updated guidance on deployment of current, operationally viable Border Gateway Protocol (BGP) security methods for Federal Government networks and service providers; and provide updated guidance on other emerging technologies to improve Internet routing security and resilience.
- Identify and engage foreign governments and industry groups in key countries to encourage their transition to Post-Quantum Cryptography (PQC) algorithms standardized by NIST.
- Develop guidelines for the secure management of access tokens and cryptographic keys used by cloud service providers.
Solutions to Combat Cybercrime and Fraud
- Issue practical implementation guidance to support remote digital identity verification using digital identity documents.
Promoting Security with and in Artificial Intelligence
- Prioritize funding for programs that encourage the development of large-scale, labeled datasets needed to make progress on cyber defense research, and ensure that existing datasets for cyber defense research have been made accessible to the broader academic research community to the maximum extent feasible.
- Prioritize research on human-AI interaction methods to assist defensive cyber analysis, security of AI coding assistance, methods for designing secure AI systems, and methods for prevention, response, remediation, and recovery of cyber incidents involving AI systems.
Aligning Policy to Practice
- Establish a pilot program of a rules-as-code approach for machine-readable versions of policy and guidance that OMB, NIST, and CISA publish and manage regarding cybersecurity.
- Evaluate common cybersecurity practices and security control outcomes and issue guidance identifying minimum cybersecurity practices.