President Strengthens U.S. Cybersecurity Against China, Russia, and More Threats
Published Date: 6/11/2025
Presidential Document
Summary
This new order updates previous cybersecurity rules to keep the U.S. safer from hackers, especially from countries like China, Russia, Iran, and North Korea. It changes how the government shares threat info and focuses on protecting important networks without adding new costs or deadlines. Basically, it keeps the fight against cyber threats strong and smart for everyone involved.
Free Policy Watch
New rules are filed every week. Most people never see them.
Pick a topic. PRIA watches every federal rule and tells you when one hits your household.
Pick a topic to get started
Analyzed Economic Effects
5 provisions identified: 3 benefits, 1 costs, 1 mixed.
NIST to Update Secure Software Guidance
The Secretary of Commerce, through NIST, must form an industry consortium by August 1, 2025, and publish a preliminary update to the Secure Software Development Framework (SSDF) by December 1, 2025, with a final SSDF due within 120 days after the preliminary update. NIST must also update NIST Special Publication 800-53 by September 2, 2025 to provide guidance on securely and reliably deploying patches and updates.
Post-Quantum and TLS Transition Deadlines
By December 1, 2025, CISA must publish a list of product categories where post-quantum cryptography (PQC) products are widely available. The Director of the NSA (for National Security Systems) and the Director of OMB (for non-NSS) must issue requirements so agencies support Transport Layer Security (TLS) protocol version 1.3 or a successor no later than January 2, 2030.
Federal IoT Cyber Trust Labeling Rule
Within one year the government will pilot machine-readable policy tools, and agency members of the FAR Council shall take steps so that, by January 4, 2027, vendors to the Federal Government of consumer Internet-of-Things products must carry United States Cyber Trust Mark labeling. This creates a labeling requirement for IoT products sold to federal buyers by that date.
AI Security Data Access and Management
By November 1, 2025, several agencies must make existing datasets for cyber-defense research accessible to the broader academic research community to the maximum extent feasible. Also by November 1, 2025, defense, homeland security, and intelligence agencies must incorporate management of AI software vulnerabilities into their existing vulnerability management and incident processes, including sharing indicators of compromise for AI systems.
Narrowing Cyber Sanctions to Foreign Persons
Executive Order 13694 is amended to replace the phrase 'any person' with 'any foreign person' in the cited subsections, changing the described blocking authority to refer specifically to foreign persons.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Take It Personal
Get Your Personalized Policy View
Take the PRIA Score to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in