White House, Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, 82 Fed. Reg. 22391 (May 11, 2017) (full-text).
This Executive Order outlines the various actions an agency must take to enhance its cybersecurity. The Executive Order states that known but unmitigated vulnerabilities are among the highest cybersecurity risks that agencies face. Known vulnerabilities include using operating systems or hardware beyond the vendors' support lifecycle, declining to implement the vendors' security patches, or failing to execute security-specific configuration guidance.
As such, the President plans to hold agency heads accountable for implementing risk management measures commensurate with the risk and magnitude of the harm that could result from unauthorized access, use, disclosure, disruption, modification, or destruction of information technology (IT) and data. In addition, agency heads will be accountable for aligning Cybersecurity risk management processes with strategic, operational, and budgetary planning processes. Effective upon issuance of the Executive Order, each agency was required to use the NIST Cybersecurity Framework to manage the agency's cybersecurity risk. Each agency is also required to submit a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget within 90 days of the date of the Executive Order.