CMMC Shifts and More

This month’s blog post is about Cybersecurity Maturity Model Certification (CMMC). In this document I will be discussing Executive Order 14306 (6 June 2025), “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144.”

Pay attention: I will be highlighting key changes and the roles of various agencies such as NIST, CISA, and OMB. The main takeaways include the shift in Public Key Infrastructure algorithms and the removal of Border Gateway Protocol from EO 14144.

I wonder if I was asked to write this blog because I can translate & simplify governmental writing, or at least I should be able to do so after a career’s worth of it!

You can find online many cybersecurity firms that have posted their interpretations of EO 14306. I did, and found opinions and errors. Do yourself a favor – download the Federal Register .pdf and read the original! It is only 3+ pages, although it will lead you to the changes and deletions in the referenced EOs below. Another useful source is https://www.whitehouse.gov/fact-sheets/2025/06/fact-sheet-president-donald-j-trump-reprioritizes-cybersecurity-efforts-to-protect-america/. Yes, it has jabs at previous presidential administrations, but it does state what the current administration is trying to do.

Cyber Dad’s Key Takeaways:

#1 EO 14306 is a major rewrite of EO 14144.

#2 EO 14306 does not directly mention ‘CMMC’ or NIST 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (Rev. 3)); rather, it addresses the overall effort to protect U.S. Government information (Federal Acquisition Regulatory (FAR) Council, etc.).

#3 NIST, CISA, OMB, and the FAR Council all have major roles (and deadlines).

#4 Expect NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) and NIST SP 800-128 (Secure Software Development Framework) to be key documents and stay tuned for updates!

#5 Expect more on the ‘Cryptanalytically Relevant Quantum Computer’ (CRQC). The U.S. will be shifting Public Key Infrastructure algorithms in response to the threat.

#6 Transport Layer Security (TLS) will be changing to TLS 1.3 or a later version.

#7 The mention of the ‘Border Gateway Protocol’ has been removed from EO 14144.

#8 For at least the last 10 years, all presidential administrations, regardless of party, have recognized through Executive Orders the criticality of the foreign cyberattack threat and the urgency of cyber defense.

Reference Documents:

EO 14306, 6 June 2025 “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144.” Signed by President Trump.

EO 14144, 16 Jan 2025 “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” Signed by President Biden.

EO 13984, 19 Jan 2021 “Taking Additional Steps to Address National Emergency With Respect to Significant Malicious Cyber-Enabled Activities.” Signed by President Trump.

EO 13757, 28 Dec 2016 “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities.” Signed by President Obama.

EO 13694, 1 Apr 2015 “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” Signed by President Obama.

 

