Executive Order 14028: What You Need to Know

Executive Order 14028: What You Need to Know

What Is Executive Order 14028 (U.S. Cybersecurity Executive Order)? 

Executive Order 14028, signed in May 2021, represents a significant overhaul of U.S. cybersecurity policies and practices. Its primary focus is to strengthen national cybersecurity defenses, particularly in the face of increasingly sophisticated and frequent cyberattacks. This comprehensive directive outlines specific actions and strategies for federal agencies and the broader cybersecurity community.

Key aspects of the order include the implementation of more stringent cybersecurity standards and practices across federal agencies. This includes modernizing existing cybersecurity infrastructure, adopting advanced cybersecurity technologies, and enhancing overall cyber resilience. The order places a strong emphasis on securing critical infrastructure and improving the government’s ability to identify, deter, and respond to cyber threats. Pursuant to this EO, NIST released a new cybersecurity framework to help organizations and agencies comply with the directives that follow. 

In addition, the order mandates the development of standards, tools, and best practices for securing software supply chains. Recognizing the vulnerabilities exposed in recent cyberattacks, the directive stresses the importance of ensuring the security and integrity of software used by federal agencies.

Collaboration and information sharing are also central tenets of the order. It encourages a partnership between the public and private sectors, fostering a unified approach to national cybersecurity. This includes the sharing of threat intelligence and security best practices, as well as collaborative efforts in developing new cybersecurity technologies and strategies.

Click here to read the full text of the Executive Order.

Related content: This is part of an extensive series of guides about PCI compliance.

Who is Affected by Executive Order 14028? 

While Executive Order 14028 primarily affects federal agencies, it is also relevant to other organizations, including state and local governments, law enforcement, contractors, and private sector organizations. Let’s explore this in more detail.

Government Agencies

Government agencies are at the forefront of the order’s impact. They are required to make significant changes to their cybersecurity practices, including adopting zero trust architectures, implementing secure cloud services, and enhancing software supply chain security.

Moreover, they are tasked with developing new guidelines and standards for the broader cybersecurity industry. This involves collaborating with the private sector and academia, leveraging their expertise to enhance national cybersecurity.

State and Local Municipalities, Law Enforcement

State and local municipalities, along with law enforcement, are also affected by the order. They are required to align their cybersecurity practices with new standards, enhancing their ability to protect sensitive data and critical infrastructure.

Moreover, they play a crucial role in implementing the order at the local level. They are responsible for enforcing the new guidelines and ensuring compliance among local agencies as well as organizations doing business with municipal, state, and federal government entities.


Contractors working with federal agencies are another group impacted by the order. The order requires them to share data about cybersecurity threats with the federal government. Additionally, they are required to meet the new cybersecurity standards, ensuring the security of the federal data they handle. 

This means implementing robust cybersecurity measures, including encryption, secure development practices, and regular security audits. It also involves providing transparency into their security practices, helping agencies assess their risk and make informed decisions.

Executive Order 14028: Summary of Key Requirements and Goals 

Strengthening cybersecurity defenses throughout the United States

Enhancing the nation’s cybersecurity defenses is a central focus of Executive Order 14028. With sophisticated cyber threats on the rise, the directive calls for a thorough, layered approach to defense. This includes not only fortifying existing defenses but also proactively identifying and addressing potential security vulnerabilities.

This effort is not limited to government agencies. The order encourages private sector organizations to adopt similar security practices, emphasizing the need for a collective, nationwide response to the cybersecurity challenges we face. In essence, the order seeks to build a unified, resolute front against cyber threats.

Enhancing software supply chain security

The software supply chain has emerged as a significant area of vulnerability, as highlighted by recent high-profile cyber attacks. Executive Order 14028 directs federal agencies and contractors to take steps to significantly enhance the security of the software supply chain.

This means ensuring that software products are developed and delivered in a secure manner, free from vulnerabilities that could be exploited by malicious actors. The order also calls for greater transparency in the software development process, enabling users to make informed decisions about the security of the products they use.

Modernizing federal agency cybersecurity tools and playbooks

The Executive Order recognizes that many federal agencies are operating with outdated cybersecurity tools and practices. To address this, the order mandates the modernization of federal agency cybersecurity tools and playbooks.

This includes deploying cutting-edge cybersecurity technologies, adopting best practices for risk management, and ensuring that federal agencies have the resources they need to respond effectively to cyber incidents. Moreover, the order seeks to foster a culture of continuous learning and improvement, with agencies regularly reviewing and updating their cybersecurity practices based on the latest threat intelligence.

Improved detection and reporting of cybersecurity incidents

Effective detection is a critical component of any cybersecurity strategy. Executive Order 14028 calls for significant improvements in the detection of cybersecurity incidents. This includes enhancing threat intelligence sharing between government agencies and the private sector, and deploying advanced detection technologies.

The order also mandates the establishment of a standardized playbook for responding to cyber incidents, ensuring that federal agencies are well-prepared to react swiftly and effectively when incidents do occur.

How to Establish a Cyber Safety Review Board

Another innovative aspect of the Executive Order is the establishment of a Cyber Safety Review Board. This board, which will include representatives from both the government and private sector, will be tasked with reviewing and learning from significant cyber incidents.

The board will function much like the National Transportation Safety Board, conducting in-depth analyses of major cybersecurity incidents and making recommendations to prevent similar incidents in the future. Through this collaborative effort, the order aims to foster a culture of continual learning and improvement in the cybersecurity field.

How to Comply with Executive Order 14028 

Here are a few steps U.S. government contractors can take to align their cybersecurity practices with Executive Order 14028. 

Create a Response Playbook

One of the key requirements of the order is the creation of a standardized response playbook for cyber incidents. This playbook should detail the steps that need to be taken in the event of a cyber incident, including the roles and responsibilities of the response team, communication protocols, and procedures for investigating and mitigating the incident.

Use a software bill of materials (SBOM) for third-party software and provide SBOM for software under development

Another requirement is the development and review of a software bill of materials (SBOM). An SBOM is a detailed inventory of the components, including tools and libraries, used in a software product, providing transparency into the software supply chain.

The order requires organizations to create SBOMs for software they develop, and review SBOMs for third-party software they use, to identify any potential vulnerabilities and take appropriate remedial action. This process is crucial for ensuring the security of the software supply chain.

Implement a file integrity monitoring process

The order also mandates the implementation of a robust file integrity monitoring (FIM) process. FIM is a critical cybersecurity practice that involves monitoring files for changes that could indicate a security breach.

By implementing a robust FIM process or solution, organizations can quickly detect unauthorized changes to critical files and respond accordingly, preventing potential security incidents before they can cause significant damage.

Implement a zero trust architecture or solution

Finally, the order calls for the implementation of a zero trust architecture or solution. Zero trust is a security model that assumes no user or device is trustworthy by default, regardless of their location or network.

By implementing a zero trust architecture, organizations can significantly enhance their cybersecurity defenses, effectively mitigating the risk of both insider threats and external cyber attacks.

U.S. Federal Security Standards Compliance with Exabeam

At Exabeam, trust is the cornerstone of how we operate — encompassing everything from how we build our products to how we run our operations. 

The Exabeam AI-driven Security Operations Platform provides a centralized mechanism where each application team can send events to the audit log for compliance and threat detection use cases. Users will store audit events for the duration of their contract terms, search and action the events as they would any other 3rd-party logs in the Exabeam Platform. Users may configure correlation rules against the audit log to detect non-compliance events and may configure dashboards with any events in the event store, including audit log events.

Audit logs represent the user, object, or setting events in your organization. Specific events related to all Exabeam users are logged, including activities within the user interface and configuration activities. Exabeam stores all audit logs and provides a query interface in Search that you can use to find and export audit logs. This, along with visualization in Dashboards and exporting, is especially useful for reviewing activities for official audits 

Related content: Learn more about Exabeam Compliance.