President Donald Trump signed National Security Presidential Memorandum 12 (NSPM-12) on June 12, 2026, establishing a new governance framework for the cybersecurity of National Security Systems (NSS) across the federal government. The memorandum rescinds two prior foundational directives – National Security Directive 42 (NSD-42) from 1990 and National Security Memorandum 8 (NSM-8) from 2022 – and replaces them with updated authorities, structures, and accountability mechanisms aligned to the current threat environment.
Key Takeaways
- National Security Systems are the federal government’s most sensitive classified, military, and intelligence computing infrastructure.
- The memorandum rescinds prior directives from 1990 and 2022, re-establishing the Committee on National Security Systems (CNSS) – updated for the first time in over 35 years – as the authoritative body for NSS cybersecurity standards and enforcement across all federal agencies.
- The NSA Director is formally designated National Manager for NSS, with authority to issue government-wide emergency directives, serve as cryptologic authority, and regularly assess agency security posture.
- Civilian agencies operating NSS are now required to meet cybersecurity standards comparable to the DOW and IC, with OMB and the National Manager sharing oversight.
- NSPM-12 establishes implementation deadlines of 30 to 120 days covering incident reporting, cloud security, policy harmonization, and NSS inventory management.
What Are National Security Systems?
NSS are the federal government’s most sensitive computing systems that process classified information or directly support military and intelligence missions. They span the Department of War (DOW), the Intelligence Community (IC), and Federal Civilian Executive Branch (FCEB) agencies. NSPM-12 notes that NSS owned or operated by civilian agencies often play critical roles in military and intelligence operations, making uniform cybersecurity standards across all three sectors a priority.
Re-Establishing the Committee on National Security Systems
A centerpiece of NSPM-12 is the formal re-establishment of the Committee on National Security Systems (CNSS), modernized for the first time in over 35 years. The CNSS will serve as the primary governance body for NSS cybersecurity across the federal government, chaired by a National Security Council staff member.
The CNSS membership structure includes four principals: the Secretary of War (acting through the DOW Chief Information Officer), the Director of National Intelligence (acting through the IC CIO), the Director of the Office of Management and Budget (acting through the Federal CIO), and the Director of the NSA as National Manager, as well as other officials who may act as advisors.
Under NSPM-12, the CNSS is empowered to establish binding baseline cybersecurity requirements for all NSS, issue security directives to agency heads, and hold NSS owners and operators accountable for implementing required protections. The memorandum specifies that NSS must meet or exceed cybersecurity standards issued by the National Institute of Standards and Technology (NIST), part of the Department of Commerce, unless the CNSS provides otherwise through a complementary standard.
The CNSS will leverage the combined authorities and resources of the Federal Chief Information Officer, the Chief Information Officers of the DOW and IC, and the Director of the NSA to ensure there are no gaps or weak links in NSS defenses.
Empowering the NSA as National Manager
NSPM-12 formally designates the Director of the NSA as the National Manager for NSS, a role with significantly expanded responsibilities. The National Manager is authorized to issue emergency directives to agency heads when a known or reasonably suspected threat, vulnerability, or risk represents a substantial danger to NSS. These directives can compel agencies to take any lawful action to protect or mitigate threats to their systems.
Beyond emergency response, the National Manager serves as the cryptologic authority for NSS government-wide, with responsibilities that include designing and protecting cryptographic capabilities, approving security standards, evaluating and certifying security technologies, and conducting foreign cryptographic liaison relationships. The memorandum also tasks the National Manager with developing government-wide performance metrics for NSS defense and conducting regular assessments of agency cybersecurity posture.
Civilian Agency Accountability
A notable provision of NSPM-12 addresses a recognized gap: ensuring that NSS owned or operated by civilian agencies are defended to standards comparable to those in the DOW and IC. The Director of OMB, supported by the National Manager and acting through the Federal CIO, will oversee FCEB Agency compliance with NSS policies. The memorandum helps ensure that NSS owned or operated by civilian agencies receive a defense commensurate to those of the DOW and the IC.
To implement this, NSPM-12 directs the National Manager and OMB to develop memoranda of agreement within 60 days to allow NSA personnel to be assigned or detailed to the Office of the Federal CIO to support NSS oversight at civilian agencies.
Policy Coordination and Implementation Timelines
NSPM-12 establishes a Policy Coordination Committee (PCC) for NSS, chaired by an NSC staff member, to coordinate implementation across member agencies and request periodic assessments of government-wide NSS cybersecurity posture.
The memorandum sets a series of near-term implementation deadlines:
- Within 30 days: CNSS revises its governing and operating procedures.
- Within 60 days: CNSS issues a policy roadmap and priority areas; National Manager recommends updated incident reporting standards; a working group is stood up to deconflict NSS inventories across FCEB agencies.
- Within 90 days: CNSS reviews and harmonizes existing policies; CNSS and National Manager address cloud security requirements and unclassified secure communications policy.
- Within 120 daCNSS requests cloud security baselines from accredited cloud service providers supporting NSS.
Agencies are also required to maintain and annually update inventories of all NSS they own or operate and make those inventories available to the National Manager.
Alignment with Broader Cybersecurity Policy
NSPM-12 is explicitly linked to Executive Order 14306 (signed June 2025), which addressed cybersecurity requirements for Federal Information Systems, and directs the CNSS to develop NSS-specific requirements consistent with that order. The memorandum also coordinates with the roadmap on advanced computing resources required under NSPM-11 of June 5, 2026, on Artificial Intelligence in the National Security Enterprise.
Significance for the Homeland Security Community
NSPM-12 represents a significant reorganization of how the federal government governs the cybersecurity of its most sensitive systems. For homeland security practitioners, the memorandum’s key practical implications include consolidated governance authority under the CNSS, an empowered NSA with government-wide advisory and emergency directive authority, new accountability mechanisms for civilian agency NSS, updated incident reporting requirements, and a mandate to rationalize and reduce duplicative or outdated policy issuances.
