fipala

Within 60 days of the date of this order, the Secretary of Commerce, in coordination with the Assistant Secretary for Communications and Information and the Administrator of the National Telecommunications and Information Administration, shall publish minimum elements for an SBOM. Identifying relevant compliance frameworks, mapping those frameworks onto requirements in the FedRAMP authorization Agency Cybersecurity process, and allowing those frameworks to be used as a substitute for the relevant portion of the authorization process, as appropriate. Based on identified gaps in agency implementation, CISA shall take all appropriate steps to maximize adoption by FCEB Agencies of technologies and processes to implement multifactor authentication and encryption for data at rest and in transit. For example, if a Covered Entity shares its data and systems with a BHC, the Covered Entity must ensure that such shared data and systems are protected. Specifically, the Covered Entity must eva...