Is this a new policy? Otherwise, why this sudden and broad implementation so that "suddenly none of the IT employees at the agency could do their jobs properly anymore" (according to the source).
It's pretty new, yes. The binding operational directive from CISA only came down in December. Agencies are in the midst of running the assessment tools and implementing the changes right now. See here: https://www.cisa.gov/news-events/directives/bod-25-01-implem....