White House Revokes Prior Software Security Mandates, Shifts Risk Authority to Agencies
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
White House cyber office moves to embed security into U.S. AI stacks
The Office of the National Cyber Director is developing an AI security policy framework to bake defensive controls into AI development and deployment chains, coordinating with OSTP and informed by recent automated threat activity. The effort intersects with broader debates about AI infrastructure — including calls for shared public compute, interoperability standards, and certification regimes — that could shape how security requirements are funded, enforced and scaled.
CISA orders federal agencies to inventory, patch and phase out unsupported edge devices
CISA has issued a binding directive requiring federal civilian agencies to identify, upgrade and remove internet-exposed edge devices that no longer receive vendor security updates, citing active exploitation by advanced threat actors. Agencies have staged deadlines — three months to inventory, 12 months to start removals and 18 months to finish decommissioning — with continuous monitoring required thereafter.


