
Hemant Baidwan: NSPM-12 Drives Accountability, Outcome-Based Cybersecurity

  • Knox Systems’ Hemant Baidwan asserts NSPM-12 offers a clearer framework for securing NSS
  • Memo reestablishes CNSS and reinforces NSA oversight of NSS
  • Baidwan says execution will determine the policy’s success

Hemant Baidwan, chief information security officer at Knox Systems, said the White House’s National Security Presidential Memorandum 12, or NSPM-12, provides federal agencies and industry partners with a clearer framework for securing national security systems, or NSS, while strengthening accountability across the cybersecurity ecosystem.

In comments shared exclusively with ExecutiveBiz, Baidwan said NSPM-12 updates longstanding guidance governing classified and sensitive systems that support defense, intelligence and national security missions.

Why Does Baidwan View NSPM-12 as a Significant Update?

According to Baidwan, NSPM-12 rescinds previous directives and replaces them with a governance model better aligned with today’s operating environment.

“The biggest shift is that NSPM-12 rescinds older guidance, including NSD-42 from 1990 and NSM-8 from 2022, and replaces it with a more modern approach,” he told us.

Baidwan, former CISO at the Department of Homeland Security, said the cybersecurity landscape has evolved significantly as agencies increasingly rely on cloud environments, shared services, artificial intelligence-enabled tools and other commercial technologies.

He describes the memorandum as “the most significant governance update to NSS cybersecurity in decades.”

How Does the Presidential Memo Improve Accountability?

Baidwan said NSPM-12 reestablishes the Committee on National Security Systems and expands its role in establishing baseline cybersecurity requirements, releasing directives and promoting consistency across NSS.

The Knox executive also highlighted the memorandum’s reinforcement of the National Security Agency’s role as the national manager for NSS.

“What I like about NSPM-12 is that it sharpens accountability,” Baidwan wrote.

He added that clearer ownership is important because uncertainty around standards and enforcement has historically complicated efforts to achieve consistent cybersecurity outcomes across the NSS community.

What Should Agencies Focus on Moving Forward?

Baidwan said NSPM-12 strengthens alignment with the National Institute of Standards and Technology’s cybersecurity standards and related practices and supports a more measurable approach to risk management.

He noted that agencies need “clear baselines, repeatable controls, better metrics and a way to show whether risk is actually going down.”

According to Baidwan, the memo also advances discussions around secure cloud adoption, incident reporting, posture management, metrics and inventories.

“The key now is execution,” he said. “If this turns into clear baselines, repeatable cloud patterns, better visibility, stronger reporting and faster remediation, NSPM-12 can be a real modernization moment for the systems that matter most.”

Who Is Hemant Baidwan?

As CISO at Knox Systems, Hemant Baidwan oversees enterprise cybersecurity strategy and supports the development of AI-enabled and cloud-native security capabilities.

Prior to joining Knox Systems, Baidwan served as CISO and acting deputy chief information officer at the Department of Homeland Security, where he led cybersecurity efforts across one of the largest civilian federal environments. In that role, he was responsible for protecting mission-critical systems and supporting agency-wide security operations across a complex federal IT landscape.

He also served as an inaugural member of the FedRAMP Board and as vice chair of the Federal CISO Council.


Written by Jane Edwards

Jane Edwards is a staff writer at Executive Mosaic, where she writes for ExecutiveBiz about IT modernization, cybersecurity, space procurement and industry leaders’ perspectives on government technology trends.
