I won't be surprised to see traces of this Executive Order in forthcoming regulations from FERC under Docket RM24-4-000, SCRM and revised FAR language for government agencies to procure and use only trustworthy software products.
The message is clear: if you can't trust it, then don't buy it, install it or use it. You own the outcome.
If I'm reading the tea leaves correctly, it appears that a "Trust Registry" listing trusted products is one of the deliverables in this order:
"(vi) For attestations that undergo validation, the Director of CISA shall inform the National Cyber Director, who shall publicly post the results, identifying the software providers and software version. The National Cyber Director is encouraged to refer attestations that fail validation to the Attorney General for action as appropriate."
This would enable consumers to check the publicly posted results of product validations before buying, installing or using a software product. That's real transparency.
Some people are expressing concern that the January 16, 2024 Executive Order that aims to protect US Government Agencies from dangerous software may be abandoned by the Trump Administration. It's important to keep in mind that it was President Donald Trump who initiated steps to prevent harmful software from being purchased and used by Federal Agencies back on May 15, 2019, in Executive Order 13873.
In my opinion, the January 16, 2024 Executive Order issued by President Biden is, in effect, an endorsement of the original Executive Order issued by President Trump on May 15, 2019, with more precise guidance on the need to implement actual solutions to these problems, like machine-readable attestations submitted through the CISA RSAA portal that NASA presented, which didn't exist in 2019. I'm optimistic that the Trump administration will be more assertive in implementing cybersecurity practices using new technologies, like the RSAA portal and machine-readable attestations like the CISA Software Acquisition Guide spreadsheet, to protect the American people, critical infrastructure and the US Government, based on everything I've seen. I believe the Trump Administration will "own" this Jan 16 Executive Order and make it their own accomplishment with actual implementations, recognizing that it is really a "full-throated" endorsement of Executive Order 13873 issued May 15, 2019, which DHS Secretary Kristi Noem will accomplish.
NOTE: NASA's video recording of the RSAA portal demonstration is available online.