AWS Public Sector Blog

What you need to know about the Executive Order on Improving the Nation’s Cybersecurity and how AWS can help

On May 12, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity.” The executive order followed a series of high-profile information security attacks and ransomware incidents targeting the public and private sector. President Biden’s executive order emphasizes the need to elevate information security as a core tenet of national security, and calls on federal agencies and public sector organizations to work with the private sector to prioritize the data security and privacy of the American people and government. Amazon Web Services (AWS) and AWS Partners can help government agencies align with the initiatives in this executive order.

How will the executive order affect federal agencies?

The executive order calls on federal agencies to lead the way in security best practices and to modernize their approach to increasingly sophisticated digital threats. The executive order requires federal agencies to prioritize cloud adoption, identify sensitive data and update the protections for that data, encrypt data at rest and in transit, implement multi-factor authentication, and meet expanded logging requirements. It also references Zero Trust Architectures and, for the first time, requires federal agencies to develop plans to implement a Zero Trust approach.

Zero Trust is a conceptual security model founded on the idea that an actor within a network is not inherently trustworthy based simply on their access to or presence within that network. A Zero Trust architecture creates additional mechanisms and controls beyond network access to protect data from negligent or malicious activity. Learn more about Zero Trust architectures here.

How can AWS help federal agencies meet the requirements of the executive order?

AWS can support your agency’s digital modernization program to meet the President’s “Executive Order on Improving the Nation’s Cybersecurity.” When working with AWS, a US federal agency gains access to resources, expertise, technology, professional services, and our AWS Partner Network (APN), which can help the agency meet the security and compliance requirements of the executive order.

AWS has launched a blog series detailing how AWS can help federal agencies and other public sector organizations plan for and accelerate cloud adoption. Learn how to prioritize the adoption and use of cloud technologies, how AWS offers guidance for building architectures with a Zero Trust security model, plus how to set up multi-factor authentication, encryption for data at-rest and in-transit, and logging capabilities required to increase visibility for security and compliance purposes.

The blog series on meeting the information security executive order with AWS includes:

How AWS can help your US federal agency meet the executive order on improving the nation’s cybersecurity

This post focuses on how AWS can help you plan for and accelerate cloud adoption. AWS has developed multiple frameworks to help you plan your migration to AWS and establish a structured, programmatic approach to AWS Cloud adoption. AWS provides a variety of tools, including server, data, and database features, to rapidly migrate various types of applications from on-premises to AWS. This blog post includes resources for cloud adoption planning tools, AWS services and technologies for migration, AWS Professional Services, AWS Partners, and more. Read the blog post here.

How US federal agencies can use AWS to adopt multi-factor authentication

Multi-factor authentication (MFA) is a best practice that adds an extra layer of protection on top of your authentication process when accessing an application, system,  or network. While MFA is not a new requirement for federal agencies, the executive order highlights its importance in your overall information security posture. This blog post covers methods your federal agency should consider in your efforts to comply with the new MFA requirements. Read the blog post here.

How US federal agencies can use AWS to encrypt data at rest and in transit

Federal agencies and other public sector organizations are responsible for missions that include the storage and transmission of an increasing amount of sensitive content. AWS provides that public sector customers can use to encrypt their data at rest or in motion. For example, AWS Key Management Service (AWS KMS) integrates with all our storage and database services to make encryption at rest as simple as a single click of a mouse or API call. This blog post provides guidance for meeting the requirement specified in the executive order about the encryption of data at rest and in transit. Learn key concepts about encrypting data, the services that are used to encrypt data at rest and in transit, and more. Read the blog post here.

How US federal agencies can use AWS to improve logging and log retention

Information from network and systems logs is invaluable for both the investigation and remediation of information security threats. This blog post shares an overview of logging concepts in AWS, including log storage and management, and explains how to gain actionable insights from that log data. These insights help improve your organization’s security posture and operational readiness, and improve your organization’s ability to deliver on its mission. Read the blog post here.

AWS and AWS Partners have solutions to assist in your plan to accelerate your migration to the cloud. We can help you develop integrated, cost-effective solutions to help secure your environment and implement the executive order requirements. AWS is ready to help you meet the accelerated timeline goals set in this executive order.

Next steps

Watch “Improving Information Security and Addressing the White House Executive Order (EO) with the AWS Cloud,” a new webinar that helps government IT leaders, agencies, and partners understand how to use the AWS Cloud to support many of the goals in the “Executive Order on Improving the Nation’s Cybersecurity.” In this webinar, AWS security experts share ways to use the AWS Cloud to update, upgrade, and modernize their information security frameworks at scale, prioritize adoption of security best practices, and connect with AWS partners to build comprehensive information security solutions. Watch the webinar here.

Want to reach us directly to learn more about how AWS can help your agency meet the executive order? Contact us for help modernizing your organization’s data security with the cloud with AWS.

Learn more about the cloud for government.

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.