Four days before he leaves office, US president Joe Biden issued a cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, use of artificial intelligence, and punishment of foreign hackers.

the 40-page executive order Unveiled on Thursday is the latest attempt by the Biden White House to begin efforts to harness the security benefits of AI, launch digital identities for US citizens, and close loopholes that helped China , Russia, and other opponents. again and again penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also set the new administration and the country on a path of continued success,” Anne Neuberger, Biden’s deputy national security adviser. for cyber and emerging technology, told reporters on Wednesday.

Facing Biden’s directive is the question of whether president-elect Donald Trump will pursue any initiatives after he takes the oath of office on Monday. None of the technical projects ordered in the order are partisan, but Trump’s advisers may prefer different methods (or timetables) to solve the problems identified in the order.

Trump did not name any of his top cyber officials, and Neuberger said the White House did not discuss the order for his staff to move, “but we are very pleased that, when the incoming cyber team named, there are any discussions in this final phase of transition.”

The core of the executive order is a set of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, which continues a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency is tasked with double-checking these security credentials and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber ​​Director “is encouraged to refer evidence that fails to validate to the Attorney General” for potential investigation and prosecution. .

The order gives the Commerce Department eight months to examine commonly used cyber practices in the business community and issue guidance based on them. Soon after, those practices will become mandatory for companies seeking to do business with the government. The directive also initiates updates to the National Institute of Standards and Technology’s secure software development guide.

Another part of the directive focuses on the protection of authentication keys on cloud platforms, the compromise that opens the door for China. stealing government emails from Microsoft servers and recently this supply-chain hack at the Treasury Department. The Commerce and General Services Administration has 270 days to develop guidelines for primary protection, which should become mandatory for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only the devices which consumer IoT brings the newly launched. US Cyber ​​Trust Mark label.