New Cybersecurity Executive Order: What You Need To Know

A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development.
On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces the federal government’s commitment to defending digital systems that power critical services, infrastructure and national security. It also creates renewed urgency for vulnerability management by calling on federal agencies to incorporate management of AI vulnerabilities into their existing vulnerability management practices.
Key changes introduced by the Executive Order
- Addressing AI and IoT security
Rather than impose new restrictions on AI technologies, the EO focuses on visibility and vulnerability management within AI software and systems. It gives federal agencies a November 1, 2025 deadline to incorporate management of AI software vulnerabilities into their existing vulnerability management practices. The EO also supports the launch of the voluntary Cyber Trust Mark program to help secure consumer and federal IoT devices by promoting transparency and baseline protections.
- Encouraging stronger patch management
The EO directs the National Institute of Standards and Technology (NIST) to update Special Publication 800-53 (Security and Privacy Controls for Information Systems and Organizations) to provide guidance on how to securely and reliably deploy patches and updates.
- Reinforcing critical infrastructure defense
Critical infrastructure operators, particularly in energy, communications and transportation, are called to align with enhanced security standards. This includes deeper coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and adherence to frameworks like the Federal Operational Cybersecurity Alignment (FOCAL) Plan.
- Emphasizing secure software development
Federal agencies are now required to adopt updated secure software development practices in line with revised guidelines from NIST. This includes deeper integration of an updated Secure Software Development Framework (SSDF) and improved vendor attestations for software integrity.
- Preparing for quantum-safe encryption
Recognizing the long-term risks posed by quantum computing, the EO mandates that federal agencies begin transitioning to post-quantum cryptographic standards. Agencies must inventory current cryptographic assets and develop migration plans to safeguard sensitive data for the future.
- Strengthening internet infrastructure
The EO directs action to secure the Border Gateway Protocol (BGP), a foundational component of internet routing. Agencies are expected to assess and strengthen their network infrastructure to protect against BGP hijacking and related risks.
- Aligning policy to practice
Notably, the EO states that “Agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks.” It further calls on the Director of the Office of Management and Budget to issue guidance for addressing critical risks and adapting modern practices and architectures across federal information systems and networks.
Why it matters for federal agencies
This EO reinforces the importance of shifting from reactive to proactive cybersecurity. By addressing emerging risks — such as AI exploitation, post-quantum threats and software supply chain weaknesses — the administration is signaling the need for adaptability and continuous improvement. The EO also underscores the need for secure patch management, enhanced critical infrastructure standards and coordination with CISA, and a push for federal agencies to align their policies, investments and practices to better manage cyber risks.
How Tenable can help
As a long-time partner of the federal government, Tenable provides FedRAMP authorized solutions to help federal agencies proactively identify and reduce cyber exposures. Tenable One FedRAMP delivers unified visibility and risk-based prioritization across IT, OT, cloud infrastructure and identity systems. Tenable is proud to be one of the original signatories of CISA’s “Secure by Design” Pledge and an active partner of the National Cybersecurity Center of Excellence. We’ve articulated to our customers how we’ve taken steps to implement the provisions of the pledge.
With capabilities aligned to secure software development practices, continuous vulnerability management, cryptographic asset discovery and AI-aware risk detection, Tenable empowers agencies to meet the evolving mandates of the Executive Order. By integrating comprehensive risk-based insights into existing security workflows, Tenable helps agencies operationalize zero-trust principles, understand how to securely and promptly deploy patches and updates, accelerate incident response and maintain continuous compliance, all while strengthening overall cyber resilience in support of national security objectives.