“One of the key challenges to implementing this is the capacity of government agencies to implement the project, monitor it and ensure that vendors are held accountable,” commented Yugal Joshi, a partner at Everest Group. “Governments are unlikely to have the staff who understand AI-led cybersecurity and can run these programs.”
“Furthermore,” added Joshi, “many times, the legacy platforms in the government may not allow such an establishment or it may involve spending a lot of money to implement this.” Given the financial pressure on the US government, it will be interesting to see how this is handled.”
Impact on private sellers
To address lingering problems with insecure software, the order requires vendors that provide software to government agencies to adhere to stricter security development practices. Under the order, vendors must provide documentation proving compliance, which will be assessed by the Cybersecurity and Infrastructure Security Agency (CISA) as part of its software certification program, the report said.
Source link