Controversy erupted among cybersecurity experts and civil rights advocates following President Trump’s signing of an executive order on June 6, 2025, that greatly modifies existing federal cybersecurity frameworks during the elimination of digital identification requirements for undocumented immigrants.
The order, titled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity,” amends Obama-era Executive Order 13694 and Biden-era Executive Order 14144, streamlining removal of government-issued digital ID mandates as it revises secure software development requirements.
Critics argue the changes weaken crucial cybersecurity protections established by previous administrations. The order removes certain obligations for attestations and technical hardening measures for identity and email encryption, raising concerns among security professionals about potential vulnerabilities in federal systems. Multi-factor authentication remains a critical security measure that experts say should never be compromised in federal systems.
Security professionals express alarm over removed attestation requirements and weakened encryption standards, warning of increased vulnerabilities in federal infrastructure.
Expert analysts warn that relaxed reporting and procedural demands could compromise software supply chain security, regardless of the administration’s claims of addressing regulatory burden.
The targeted sanctions policy has drawn particular scrutiny from policy experts who contend the narrowed scope could limit effective responses to cyber threats. Although the order refocuses sanctions authority solely on foreign cyber threat actors targeting U.S. infrastructure, critics suggest this approach may inadequately address the evolving environment of cybersecurity challenges facing government agencies and private sector organizations.
Civil rights organizations have condemned provisions stripping digital ID mandates for undocumented immigrants, characterizing the changes as discriminatory and potentially harmful to vulnerable populations.
These groups argue the modifications could undermine thorough cybersecurity strategies that protect all individuals within U.S. borders, regardless of immigration status.
However, the order maintains several cybersecurity initiatives that have received measured support from technology sector representatives. The establishment of an “IoT Cyber Trust Mark” for consumer devices and mandates for post-quantum cryptography adoption across federal agencies demonstrate continued commitment to emerging security challenges. The directive includes important National Security Systems exceptions that exempt Defense Department and Intelligence Community information systems from the order’s main provisions.
The directive for NSA and CISA to update at-risk product categories by December 1, 2025, also reflects ongoing efforts to address supply chain vulnerabilities. Despite these modifications, the order requires agencies to improve network visibility and strengthen cloud configurations to enhance federal cybersecurity posture.
Security researchers highlight that the order’s long-term effectiveness will depend heavily on implementation details and agency compliance with remaining cybersecurity protocols.
