Trump revokes digital identity actions in new cyber executive order
While Trump’s new EO eliminates several digital identity directives, it maintains other aspects of the Biden administration’s cybersecurity agenda.
President Donald Trump has signed a new cybersecurity executive order that continues many of the policies of his predecessors, while also marking out some key changes in the approach to software security, digital identity and more.
The new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity,” modifies many aspects of a cyber EO signed by President Joe Biden in January. It also makes changes to executive orders signed by President Barack Obama to focus federal cybersecurity law enforcement efforts on foreign nationals.
But Trump’s new EO continues key aspects Biden directives, including an effort to strengthen the Cybersecurity and Infrastructure Security Agency’s role in defending civilian federal networks.
“More must be done to improve the Nation’s cybersecurity against these threats,” Trump wrote in the latest EO. “I am ordering additional actions to improve our Nation’s cybersecurity, focusing on defending our digital infrastructure, securing the services and capabilities most vital to the digital domain, and building our capability to address key threats.”
The latest cybersecurity executive order also maintains federal efforts around post-quantum cryptography, Border Gateway Protocol, and advanced encryption.
But it eliminates the January order’s directive for agencies to require federal software vendors to provide evidence of following secure development practices.
Instead, Trump directs the National Institute of Standards and Technology to establish a new consortium with industry “that demonstrates the implementation of secure software development, security, and operations practices” based on NIST’s Secure Software Development Framework.
The order also requires NIST to publish a preliminary update to the secure development framework by Dec. 1
In the wake of the 2020 SolarWinds cyber attack, the Biden administration introduced new requirements for federal vendors to attest to following secure development practices. The goal was to ensure vendors were following NIST’s framework to avoid similar software supply chain attacks in the future.
In a factsheet, the Trump administration argues Biden’s software security requirements constituted “unproven and burdensome software accounting processes that prioritized compliance checklists over genuine security investments.”
Digital identity activities eliminated
Trump’s order also eliminates a section from Biden’s EO focused on using digital identity solutions to combat cybercrime and fraud. The White House claims the Biden order’s digital identity directives “risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”
Digital identity advocates, however, argue the United States needs a stronger strategy for securing identity online to prevent both cyber attacks and fraud. But Trump’s EO does not replace the Biden-era efforts with any new activities.
The Biden EO encouraged agencies to accept digital identity documents to access public benefit programs that require identity verification. It directed agencies to consider whether federal grant funding could help states develop and issue secure mobile drivers licenses.
The order also established federal standards around the use of digital identity documents, including requirements that such tools will not enable the surveillance or tracking of individuals.
AI cybersecurity
Trump’s new order also eliminates a section from Biden’s directive on “Promoting Security with and in Artificial Intelligence.” That now-stricken section had directed agencies to explore using AI to enhance the cyber defense of critical infrastructure and establish program for using advanced AI models for cyber defense, while also researching secure AI systems.
Instead, Trump’s new order proposes a much briefer AI section that directs agencies to “ensure that existing datasets for cyber defense research have been made accessible to the broader academic research community (either securely or publicly) to the maximum extent feasible, in consideration of business confidentiality and national security.”
Guidance updates
Trump’s order additionally directs the Office of Management and Budget to update Circular A-130 — “Managing Information as a Strategic Resource” — within the next three years. The update should “address critical risks and adapt modern practices and architectures across Federal information systems and networks,” the order states.
It additionally directs agencies within one year to establish a pilot program exploring a “rules-as-code approach for machine-readable versions of policy and guidance that OMB, NIST, and CISA publish and manage regarding cybersecurity.”
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
