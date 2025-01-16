The Biden administration is imposing new security standards for companies that do business with the U.S. government with a new executive order.

The directive also will require software companies to demonstrate the security of their development processes.

It's not clear if the incoming Trump administration will uphold the new rules.

The Biden administration on Thursday announced an executive order on cybersecurity that imposes new standards for companies selling to the U.S. government and calls for greater disclosure from software providers.

The White House is looking to put in place new rules "to strengthen America's digital foundations," Anne Neuberger, deputy national security advisor for cybersecurity and emerging technology, said in a briefing with reporters on Wednesday.

Cyberattacks have caused an increasing number of disruptions inside federal agencies and companies in recent years.

We've got the news you need to know to start your day. Sign up for the First & 4Most morning newsletter — delivered to your inbox daily. Sign up here.

Attackers have pulled off ransomware attacks at Change Healthcare, the operator of the Colonial Pipeline and the Ascension health care system. And Microsoft said in 2023 that Chinese attackers had broken into U.S. government officials' email accounts, prompting a critical federal report and a series of changes at the software maker.

Companies selling software to the U.S. government will have to demonstrate that their development practices are secure, according to a statement. There will be "evidence that we post on a government website for all software users to benefit from," Neuberger said.

The General Services Administration will have to make policy that makes cloud providers provide information to clients on how to operate securely.

Companies selling products and services to the U.S. government must adhere to a new set of security practices as a result of the executive order.

Last week the White House announced the U.S. Cyber Trust Mark label to help consumers evaluate internet-connected devices. The executive order states that the U.S. government will only purchase such products if they carry the label, starting in 2027.

The order also directs the National Institute for Standards and Technology to come up with guidance for handling software updates. In late 2020, hackers gained access to Microsoft and U.S. Defense Department systems by targeting updates to SolarWinds' Orion software.

It's not clear if President-elect Donald Trump's new administration will uphold the executive order. Biden's cybersecurity officials have not met with those who will take up the work for Trump.

"We haven't discussed, but we are very happy to, as soon as the incoming cyber team is named, of course, have any discussions during this final transition period," Neuberger said.

WATCH: Fmr. CISA Director Chris Krebs on cyberthreats: Expect an increase of offensive cyber activity