President Trump signed a new National Security Presidential Memorandum to support the nation’s National Security Systems (NSS) cybersecurity and modernize governance. The NSS involves the nation’s most sensitive computer systems, those of which process classified information or support military and intelligence operations. 

A core component of the memorandum is the reestablishment of the Committee on National Security Systems (CNSS) as well as its modernization. The CNSS aims to establish baseline cybersecurity requirements for NSS, improving accountability and agency coordination. 

Below, security leaders discuss the implications of this memorandum. 

Security Leaders Weigh In

Marcus Fowler, CEO of Darktrace Federal:

Modernizing the governance of National Security Systems (NSS) is a significant step toward strengthening cybersecurity across some of the federal government’s most sensitive networks. Establishing clearer accountability, baseline requirements, and stronger coordination can help create greater consistency in how these critical systems are protected.

At the same time, implementation details will matter. Expanding NSA’s role as National Manager for NSS raises important potential challenges around oversight, coordination, and how cybersecurity responsibilities will be operationalized across civilian agencies. Defining which systems qualify as NSS, assessing current compliance gaps, and ensuring agencies have the resources necessary to meet new requirements will be critical to the memorandum’s success.

The directive may also have broader implications beyond government. If cybersecurity requirements for NSS increasingly align with frameworks used to protect Controlled Unclassified Information and defense-related environments, federal contractors and private-sector partners supporting civilian agencies could face heightened compliance expectations, operational requirements, and associated costs.

Ultimately, success will depend on whether agencies can translate new governance authorities into measurable security outcomes. The most sensitive networks cannot be protected through static controls alone. They require continuous visibility, behavioral understanding, and the ability to detect and respond to anomalous activity as threats evolve.

Kevin E. Greene, Chief Cybersecurity Technologist, Public Sector at BeyondTrust:

The Committee on National Security Systems (CNSS) hadn’t been updated in 35 years, which created silos, fragmented responsibilities, and poor accountability. I believe NSPM-12 shifts accountability directly to agency heads for the defense of National Security Systems (NSS) by enforcing strict cybersecurity protections and compliance across supply chains and critical systems. This helps harmonize accountability to agency heads, creating an enforceable chain of command overseen by the CNSS and the NSA.

The reestablishment of the CNSS will help eliminate gaps and improve coordination across the DoD, the IC, and civilian agencies. With the rise in machine-scale threats, responsiveness to these issues requires a coordinated and decisive effort. This improvement serves as a mechanism to establish a uniform baseline rather than a fragmented, agency-by-agency approach. Even with a modernized CNSS, roadblocks may still exist for technical implementations that require a multi-agency approval process. The CNSS does not explicitly address those bureaucratic layers.

NIST provides baselines for the federal government, which they should codify through enhanced protection capabilities for mission resilience. The memo states to "meet or exceed" these baselines. For certain critical mission operations, the NSA has been empowered to issue emergency directives and mandate advanced technical capabilities that go beyond the baseline often prescribed by NIST and other civilian agencies. For nation-state actors, standard or baseline protection capabilities are rarely enough. Enhancing these protection capabilities is essential for defending and protecting forward. 

The NSA is a great partner to civilian agencies and brings a wealth of technical subject matter expertise and cyber defense. Under NSPM-12, the NSA will offer centralized capabilities as the global cryptologic authority, provide foreign signals intelligence to map out nation-state adversary infrastructure and capabilities, and provide advanced testing for infrastructure and products for evaluation and approval. This can serve as a critical component in helping carry out the offensive campaigns outline in the new cyber strategy. 

Louis Eichenbaum, Federal CTO at ColorTokens:

If contractors and technology providers are building, operating, integrating, or supporting NSS, accountability has to extend to them as well. Agencies cannot secure NSS in isolation when so much of the mission environment depends on vendor platforms, managed services, cloud providers, and system integrators. The key will be translating this memorandum into contract language, measurable security requirements, and continuous validation not just one-time compliance.

The re-establishment of CNSS can improve cybersecurity outcomes if it drives clear standards, faster decisions, and real accountability. The risk is that it becomes another governance body that produces policy but does not change operational risk. Success will depend on whether CNSS helps agencies move faster, adopt shared services, eliminate outdated requirements, and measurably improve the security posture of NSS.

NIST standards are an essential baseline, but they are not enough by themselves for systems facing sophisticated nation-state threats. NSS environments need to go beyond compliance and focus on operational resilience: strong identity, continuous monitoring, rapid detection, microsegmentation, and the ability to contain an intrusion before it disrupts a mission. Compliance should be the floor, not the ceiling. The biggest barriers are still classification, legal concerns, inconsistent reporting processes, cultural hesitation, and lack of trust between organizations. Too often, information is either shared too slowly or in a format that is not actionable. Effective information sharing requires timely, machine-readable, operationally relevant threat intelligence that agencies and partners can use immediately to reduce risk.

NSA brings deep technical expertise, threat intelligence, cryptographic authority, and operational experience defending some of the nation’s most sensitive systems. Most agencies cannot independently replicate that level of capability, especially against advanced nation-state adversaries. NSA can help establish consistent technical requirements, identify emerging threats, and provide authoritative guidance that raises the security baseline across the NSS ecosystem.