Executive Order on Cybersecurity Names Password Managers Critical Software—What It Means for Your Business
In the past year, supply chain cyberattacks, from SolarWinds and Microsoft Exchange Server to Kaseya and Codecov, have caused a ripple effect across multiple industries. These attacks have affected small businesses, Fortune 500 companies, and government agencies alike. So it’s not surprising that an executive order on cybersecurity, issued by U.S. President Biden earlier this spring, includes a section focused on software development.
As part of this order, password managers were named critical software for securing endpoints.
While this change applies primarily to software developers that are federal government contractors or subcontractors, it’s only a matter of time before this baseline requirement trickles down to the private sector. Here’s why you should pay attention to this new cybersecurity news.
Password managers as critical software
The National Institute of Standards and Technology's (NIST) preliminary list of critical software comprises seven categories, ranging from web browsers to network protection. Password managers is one of the types of software included in the preliminary list under endpoint security (described as “software installed on an endpoint, usually with elevated privileges which enable or contribute to the secure operation of the endpoint or enable the detailed collection of information about the endpoint.”)
Why this cybersecurity executive order matters to your business
As noted earlier, the executive order on cybersecurity applies to private sector companies that supply software to the federal government (and companies that provide components to those vendors). The critical software definition, essentially, specifies which types of software sold to the government needs to meet the requirements of the EO. In other words, any company that sells to the government needs to ensure they’re complying with the baseline security requirements outlined in the EO.
NIST’s recognition that password managers are critical to an IT environment and provide functions critical to trust is validation that password managers are essential to device security.
And here’s why this matters.
Think about NIST’s cybersecurity framework. Many IT and security admins are very familiar with it. Although the framework is not mandatory, it’s a widely adopted cybersecurity best practice in the private sector. That’s because NIST carries a lot of weight.
Don’t be surprised if the federal government requires password managers for other types of vendors and suppliers. We also expect to see many businesses following suit and adopting password managers as critical software, even if they don’t do business with the government.
Do you have this critical software?
If you don’t have a password manager, this is a good time to make the case for adopting one for your business. This critical software is a lot less expensive than many IT and business leaders realize. And Dashlane makes it super simple to roll out and adopt this essential tool across your organization.
Want to learn more about the benefits of password managers?
Read our free white paper, Password Management 101.