White House Issues Memo to Bolster NSS Cybersecurity

Summary

The White House has issued National Security Presidential Memorandum-12 (NSPM-12) to enhance the cybersecurity of National Security Systems (NSS), which are critical for classified information and military/intelligence operations. The memo establishes a clear governance structure and accountability for NSS cybersecurity, ensuring civilian agencies' systems receive protection comparable to those of other government entities. It also reestablishes and modernizes the Committee on National Security Systems (CNSS) to set baseline requirements, oversee NSS cybersecurity, and issue emergency directives.

Full text

President Trump on Friday signed National Security Presidential Memorandum-12 (NSPM-12) to bolster the cybersecurity of National Security Systems (NSS). NSS includes the most sensitive computer systems in the US, used for the processing of classified information and for military and intelligence mission support. The new memorandum establishes a clear structure for NSS governance and NSS cybersecurity requirements accountability, to ensure that NSS owned or operated by civilian agencies receive the same level of protection as those of the government. “It shall be the policy of the United States Government to foster a proactive, adaptive, and resilient cybersecurity ecosystem for all NSS to better safeguard the Nation against persistent cyber threats from sophisticated adversaries,” NSPM-12 reads. The memo also reestablishes the Committee on National Security Systems (CNSS), modernizing it to set baseline cybersecurity requirements across all NSS. Per NSPM-12, CNSS will oversee NSS cybersecurity across the government, will issue emergency directives, provide authoritative minimum requirements, and promote coordination and information sharing to provide collaboration, standardization, and resource management.Advertisement. Scroll to continue reading. “The CNSS will leverage the combined authorities and resources of the Federal Chief Information Officer, the Chief Information Officers of the DOW and IC, and the Director of the National Security Agency (NSA) to ensure that there are no gaps or weak links in NSS defenses,” the White House’s NSPM-12 fact sheet reads. Per the memorandum, the director of the NSA will serve as the National Manager for NSS to bolster NSS security, and a Policy Coordination Committee (PCC) will work with the CNSS on an NSS cybersecurity posture assessment. The National Manager will provide technical advice to the CNSS, recommendations on incident response, and may issue emergency directives to protect the NSS in response to “intelligence of adversary capability and intent to target NSS,” the memo reads. Per NSPM-12, within the next three months, CNSS shall revise specific directives, issue a roadmap and policy priority areas, decide which existing policies must be maintained and incorporated into directives, and “review all existing CNSS policies, directives, and instructions to determine which should be rescinded or harmonized”. Agencies are required to maintain an inventory of NSS they own or operate, update it annually, and make it available to the National Manager. Related: CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk Related: US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems Related: White House Scraps ‘Burdensome’ Software Security Rules Related: CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Ukrainian Man Pleads Guilty in US to Conti Ransomware ChargesShinyHunters Claims Council of Europe HackFBI, Google Dismantle ‘Outsider Enterprise’ Phishing ServiceNPM 12 Will Change Script Execution Behavior to Prevent Supply Chain AttacksIranian Cyber Group Handala Claims Cal Water HackIvanti Sentry Exploitation Attempts Hitting HoneypotsChrome 149 Update Patches 28 VulnerabilitiesCISA Directs Federal Agencies to Prioritize Security Patches Based on Risk Latest News Cal Water Investigating Iranian Hackers’ ClaimsAtomic Arch Supply Chain Attack Hits 1,500 AUR PackagesCybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI ModelsTech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of DisclosureCisco Patches Another SD-WAN Zero-Day Exploited in AttacksRansomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar ProducerChinese Hackers Target Medical, Military, and AI Research in North AmericaNewCore Emerges From Stealth Mode With $66 Million in Funding Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: How Modern Breaches Bypass MFA and Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation in the AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the MoveStephen Garcia has been named Chief Information Security Officer at BreachRx.Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.Chaim Mazal has been named Chief Information Security Officer at GitLab.More People On The MoveExpert Insights After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising the Cybersecurity Stakes: Ante up for the Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities