National Security Presidential Memorandum 12 (NSPM-12), which was signed on June 12, 2026, creates a thorough national policy for National Security Systems (NSS) cybersecurity. Because it requires these highly targeted systems to meet or surpass baseline cybersecurity standards set by the National Institute of Standards and Technology (NIST), this directive has significant operational implications for Chief Information Security Officers (CISOs), especially those in charge of defense industrial base networks or federal agency infrastructure.
“NSS shall meet or exceed the protection level of cybersecurity standards issued by the National Institute of Standards and Technology (NIST)”
By updating defenses across networks run by the Department of War, the Intelligence Community, and Federal Civilian Executive Branch organizations, the directive seeks to guarantee that the United States can successfully carry out military and intelligence operations inside contested cyber environments. NSPM-12 specifically repeals two significant prior directives, National Security Directive 42 (NSD-42) from 1990 and National Security Memorandum 8 (NSM-8) from 2022, in order to simplify this governance and do away with old protocols.
The memorandum restores and updates the Committee on National Security Systems (CNSS) for the first time in more than 35 years, which has a substantial structural impact on CISOs monitoring federal compliance and regulatory changes. The Secretary of War, the Director of National Intelligence, the Director of the Office of Management and Budget, and the Director of the National Security Agency (NSA) comprise the core membership of this reorganized committee, which is chaired by a member of the National Security Council. The Director of the NSA is authorized as the National Manager for NSS, which is crucial for organizational risk management since it gives them the power to advise the CNSS, issue emergency directives, and set authoritative minimum requirements for cryptography and cryptographic systems.
“Heads of civilian agencies are accountable for protection of classified material that is stored or processed on NSS that are owned or operated by such agencies.”
Because the CNSS has the authority to immediately provide agency heads, CIOs, and CISOs with binding instructions and complementing standards to quickly reduce known or suspected information security vulnerabilities, CISOs must keep a careful eye on this new unified structure.
Research Notes:
https://www.whitehouse.gov/presidential-actions/2026/06/national-security-presidential-memorandum-nspm-12/
About the Author
Carmen Estela is a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate. She recently graduated with a Master’s of Science Degree from the University of Central and holds a Bachelor’s degree in Criminology from the University of Florida with certifications in Data Analytics and AI Fundamentals. She frequently speaks and volunteers at well-known industry gatherings, such as BSides Orlando and BSides Jax, where she offers her perspectives on emerging cyber trends. Carmen is committed to advancing the standards of governance, risk, and compliance within cybersecurity. She has also served as an adult protective investigator, police dispatcher, and legal intern, applying investigative skills across law enforcement, academic, and public service settings.
Reach her online at [email protected].
