The roughly 30-page plan outlines dozens of actions that government agencies must take over the next two years to secure systems and reduce the risk of security breaches. The administration is still reeling from the SolarWinds hacking disaster, in which Russian hackers spent months infiltrating US federal computers.
Government agencies have until the end of fiscal year 2024 to put in place many of the measures described in the plan, which include more stringent network segmentation, multi-factor authentication, and widespread encryption. Departments are given 60 days or 120 days to appoint leads, who will implement the measures and classify certain information based on sensitivity.