Critical highlights from President Trump’s latest Executive Order 14306 on cybersecurity, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144
Cryptography and cybersecurity�infrastructure
January 2027
September 2025
August 2025
January 2030
December 2025
November 2025
Secure software development�practices
Artificial intelligence
and policy
modernization
Director of National Institute of Standards
and Technology (NIST)
will establish a consortium to develop guidance on secure software practices based on SSDF (NIST SP 800-218).
Director of NIST will update SP 800-53 to guide secure patch deployment.
Agencies to make cyber defense datasets available for artificial intelligence (AI) research; AI vulnerability management to be�integrated into agency processes.
Director of NIST will�publish a preliminary�update to the Secure�Software Development�Framework (SSDF).
�Within 120 days of preliminary update, the director of NIST will publish a final update to the SSDF.
Federal vendors of�consumer internet of�things (IoT) products�must carry the U.S.�Cyber Trust Mark.
Agencies must�support Transport�Layer Security 1.3 or successor protocols for PQC readiness.
Department of Homeland Security (DHS) and National Security Agency (NSA) to release a list of product categories supporting post-quantum cryptography (PQC).
Within one year: Pilot program for machine-readable cybersecurity policy (rules-as-code) to be launched.
Within three years: Office of Management and Budget (OMB) to revise Circular A–130 to align cybersecurity policy with modern practices.