Security Best Practices: Information Technology (IT) Systems & Applications Development
The Executive Order on Improving the Nations Cybersecurity (May 12, 2021) states:
Information and communications technology (ICT) service providers working with agencies must promptly report to such agencies when they discover a cyber incident involving a software product or service provided to such agencies or involving a support system for a software product or service provided to such agencies.
The objectives of this cybersecurity Executive Order are:
- Protection of the availability, confidentiality, integrity, non-repudiation of data protection of supply chain, systems, and IT assets and
- Implementation of automation of IT Security risk, threat and response detection, and monitoring to ensure a cloud service offering starts and maintains an appropriate security posture at inception in the cloud and hybrid cloud eco-system
The purpose of this white paper is to summarize federal and industry cybersecurity recommendations and best practices for cloud and hybrid cloud environments for the agency.