The White House has issued a directive ordering federal agencies to strengthen and update their identity verification policies in order to try to prevent criminal or nation-state-backed hackers from gaining access to networks using information found online.
The order, Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management, outlines agency responsibilities but doesn’t contain any concrete deadlines.
There has been an increase in cyber attacks that were conducted through hackers gaining access to personal emails or information from federal employees, and the order aims to prevent any more taking place.
It directs agencies to update their identity verification procedures, designate a team to keep policies updated and improve and streamline reporting processes.
The order also clarifies the responsibilities of the agencies who should lead government-wide efforts: DHS, GSA, OPM and the Department of Commerce. It sets out actions such as ensuring critical policies are aligned and leading research and development coordination with the private sector and international partner stakeholders to identify technology capability gaps.
The policy has also been uploaded to code-sharing website GitHub by the OMB so that people can comment and suggest edits.