Strengthening and Promoting Innovation in the Nation's Cybersecurity
Published Date: 1/17/2025
Presidential Document
Summary
The President is stepping up the fight against cyber threats, especially from countries like China, by making government and private sector digital systems safer and smarter. New rules will hold software and cloud companies more accountable and push for cool, cutting-edge tech to protect our online world. These changes start now and aim to save billions while keeping Americans’ data and services secure.
Analyzed Economic Effects
5 provisions identified: 1 benefits, 3 costs, 1 mixed.
Software Vendors Must Submit Attestations
Within 30 days of this order (January 16, 2025), OMB must recommend contract language requiring software providers to submit machine-readable secure-software development attestations, high-level artifacts, and a list of their Federal Civilian Executive Branch (FCEB) agency customers to CISA's Repository for Software Attestation and Artifacts (RSAA). CISA will centrally verify attestations, continuously validate samples, publicly post validation results identifying providers and software versions, and may refer failures to the Attorney General.
Federal Contractors Must Follow NIST Minimum Practices
The Secretary of Commerce (through NIST) will evaluate common industry practices and issue guidance identifying minimum cybersecurity practices within 240 days of the order (by September 13, 2025). Within 180 days after that guidance, the FAR Council will review it and the agency members shall take steps to amend the FAR to require contractors to follow those minimum cybersecurity practices when performing work for the Federal Government.
Consumer IoT Sold to Government Needs Cyber Trust Mark
The FAR Council is to adopt requirements so that vendors to the Federal Government of consumer Internet-of-Things (IoT) products must carry United States Cyber Trust Mark labeling for those products by January 4, 2027. Agencies are to adopt such requirements in contracts as appropriate.
Post-Quantum Cryptography and TLS Deadline
The order directs agencies to require products in categories where post-quantum cryptography (PQC) is widely available to support PQC within 90 days of being placed on a CISA product-category list. It also requires agencies (non-NSS) to support Transport Layer Security (TLS) protocol version 1.3 or a successor no later than January 2, 2030.
Encouraging Use of Digital IDs for Public Benefits
The order encourages agencies to accept digital identity documents to access public benefits programs if they preserve access for vulnerable populations and protect privacy. Within 270 days of the order (by October 14, 2025), NIST will issue practical implementation guidance to support remote digital identity verification using digital identity documents.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Related Federal Register Documents
2026-11594 — Implementing Schedule Policy/Career in the Excepted Service
This new rule affects federal employees in important policy jobs, making it easier to remove those who don’t do their jobs well while still hiring based on merit, not politics. Starting now, these policy-focused career roles will have clearer rules for accountability and rewards for great work. This change helps keep the government effective and fair, with no extra costs or delays announced.
2026-11595 — Strengthening Customs Enforcement
The government is cracking down on customs rules to stop illegal goods and make sure importers pay their fair share. Importers will need to show they have enough money or assets to cover their duties, and new rules will roll out within 180 days. This means safer trade, stronger borders, and fairer business for everyone.
2026-11741 — Granting Pardon to Stephen E. Buyer
President Donald J. Trump has officially granted a full and unconditional pardon to Stephen E. Buyer, recognizing his impressive service as a Judge Advocate General and U.S. Representative from Indiana. This pardon wipes the slate clean immediately, with no costs or delays involved. The Attorney General will quickly issue Buyer’s official pardon certificate to make it all official.
2026-11415 — Promoting Advanced Artificial Intelligence Innovation and Security
The President is boosting America’s leadership in advanced AI by cutting red tape and teaming up with private companies to make AI safer and stronger. This means faster tech upgrades, better cyber defenses, and protecting American ideas from theft—all starting right away with key actions due within 30 days. If you work in government or AI industries, get ready for big changes that speed innovation while keeping our country secure.
2026-11314 — Further Adjusting the Tariff Regimes for Imports of Aluminum, Steel, and Copper Into the United States
The U.S. is updating tariffs on aluminum, steel, and copper imports to keep our national security strong. Big changes include higher taxes on metal products starting soon, affecting importers and industries using these metals. These moves aim to protect American jobs and industries while keeping prices fair.
2026-11180 — Realigning United States Core Childhood Vaccine Recommendations With Best Practices From Peer, Developed Countries
The U.S. is updating its childhood vaccine schedule to match the best practices of other developed countries, focusing on fewer vaccines but keeping all current options available. This change aims to boost public trust and respect parents' rights while still protecting kids’ health. The new schedule will roll out soon, with no extra costs expected for families or the government.
Previous / Next Documents
Previous: 2025-01467 — Providing for the Appointment of Alumni of AmeriCorps to the Competitive Service
AmeriCorps alumni who’ve completed at least 1,700 hours of service can now be hired for federal jobs without competing in the usual hiring process. This change helps the government tap into a skilled, service-minded workforce faster and easier, starting right after this order in January 2025. It’s a win-win: AmeriCorps members get more job opportunities, and the government gains talented employees without extra costs.
Next: 2025-01471 — Orderly Implementation of the Air Toxics Standards for Ethylene Oxide Commercial Sterilizers
The government is rolling out new air pollution rules for places that sterilize medical products using ethylene oxide (EtO), a chemical linked to cancer risks. These rules help protect communities, especially kids, by cutting harmful emissions while making sure hospitals keep getting the medical supplies they need. Sterilization facilities must upgrade their equipment soon, which might cost money but will make the air safer for everyone.