Executive Order 14028 Explained
Introducing Executive Order 14028
Cyber-attacks have become increasingly sophisticated and put every individual and nation at risk. These attacks threaten both U.S. democracy and governmental properties of work.
The federal government is working towards implementing crucial infrastructure to combat rapid growth across the cybersecurity space, driven by such federal cybersecurity regulations as Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. The order, adopted in May 2021, applies modernization practices such as cloud adoption, secure software development practices, and Software Supply Chain Security to protect the government’s sensitive data and overarching national safety. EO 14028 consists of six key points:
- Incident and threat sharing between the government and the private sector
- Modernize and implement more robust federal cybersecurity
- Improve software supply chain security
- Establish a Cyber Safety Review Board
- Create an industrywide crisis plan in response to cybersecurity vulnerabilities and attacks
- Improve implementation and solution capabilities
Adapting to changes
The order primarily impacts IT cybersecurity across the federal space and its contract providers. Cybersecurity teams should anticipate a change in contract language to meet updated NIST and CMMC guidelines and development communications from both FAR and GSA.
Implementing EO 14028 brings the Executive-level support needed to drive necessary changes in defense of critical IT infrastructure and the security to protect it. Sophisticated cyberattacks, the vulnerabilities in legacy software, and hesitancy in sharing cyber threats required changes between government contract agents and the federal government. Secure cyberspace can be built, operated, and maintained with the partnership between both groups.
What’s to come
As a relatively new EO, changes are constant. Investment into the EO is set to continue into 2024 with an emphasis on Zero Trust, IT modernization, and cross-agency collaboration. Cybersecurity efforts aim to minimize attacks and provide an outline for proactive protection from these attacks.
Modernization within the government contracting space
The proposal of EO 14028 called for immediate actions to be taken within the government to deal with cyber operations. Government contract agents, such as RELI Group, directly handled the changes within infrastructure head-on.
In support of modernization efforts, RELI has moved NPPES from an on-premises solution to a total Cloud deployment and incorporated a DevSecOps approach. RELI also rapidly assessed gaps and achieved ATOs for the on-premises and cloud environments within our integrated format with our federal counterparts, including CMS. As a partner in the adaptation of 14028, RELI moved forward with the total transformation of multi-factor authentication and single sign-on with our infrastructure. This effort has led to additional integration modeling with other enterprise solutions, such as the CRM tool, TechnoMile.
Learn about EO 14028 and more at the RELI-sponsored conference, CyberMaryland!
EO 14028 will be at the center of various topics at the upcoming annual CyberMaryland Conference in March, including industry and federal government speakers. . RELI Group is sponsoring this governance and policy forum, and invites you to join in the discussion!
To learn more about RELI’s cybersecurity efforts for state and federal regulation, please visit https://www.religroupinc.com/capability/cyber-security-operations/.