As part of dismantling cybersecurity requirements established under previous administrations, the Trump administration has issued a new executive order that eliminates federal contractor obligations to submit secure software development attestations and related technical documentation.
The directive removes the requirement that the Cybersecurity and Infrastructure Security Agency (CISA) verify these attestations, and withdraws the requirement that the Office of the National Cyber Director (ONCD) publish the results of its security reviews.
The administration targets what it characterizes as “problematic elements,” including “unproven and burdensome software accounting processes” and “micromanaged technical cybersecurity decisions.” White House officials argue that previous mandates prioritized compliance over genuine security investments, creating risks that included potential misuse and unauthorized access to public benefits by illegal immigrants.
Concurrently, the executive order directs prioritization of artificial intelligence development to position the United States as a global leader in AI innovation. The administration launched an AI “action plan” designed to sustain American dominance in AI with respect to economic competitiveness, national security, and societal benefits. With cybercrime damages expected to hit 10.5 trillion dollars by 2025, the push for AI-driven security solutions becomes increasingly critical.
The AI executive order emphasizes identifying and managing vulnerabilities through AI, rather than implementing regulation focused on content control or censorship. The Office of Management and Budget issued memoranda calling for stronger AI governance and responsible deployment across federal agencies, and stressing procurement of American-made AI products to avoid vendor lock-in and improve contract oversight.
The new directive rolls back “burdensome” software requirements by streamlining or removing strict reporting and compliance obligations. This policy shift focuses on encouraging innovation and genuine security over checklist-based compliance, with cuts to federal oversight favoring agency-level discretion and modern procurement practices.
The administration asserts these changes reduce bureaucratic obstacles without compromising core security objectives. The executive orders highlight national security priorities, investing in technology to defend against evolving cyber and foreign threats. Federal agencies are now mandated to implement zero-trust architectures as part of updated cybersecurity frameworks under the new directive.
The refocusing aims to prepare federal, state, and local governments for cyber-attacks, extreme weather, and infrastructure risks through a National Resilience Strategy encompassing modernization and simplification of continuity and preparedness policies. The administration specifically acknowledges China, Russia, Iran, and North Korea as significant sources of malicious cyber activity threatening U.S. national security and economic stability.
Officials created a National Risk Register for tracking and prioritizing national infrastructure risks.