EO 14028 is “right on time,” but challenges remain in race to develop software
The Biden Administration’s Cybersecurity Order (also known as EO 14028) is a welcome development. Not long after it was introduced, Petko offered perspective on the Zero Trust aspect. Now, there's more to talk about.
The Cybersecurity Executive Order called for guidance outlining security measures for critical software, including vendor testing of source code, to be published on Day 60 (see highlighted section in the image below). That guidance was published July 11, 2021.
What does this mean for development of critical software and DevSecOps?
Executive Order 14028 was created to shore up cybersecurity for the US Government. NIST is creating and outlining workable frameworks to guide our government toward true best practices for software development, and it has published standards for vendor testing of software source code.
“It then defines eleven tasks and techniques which comprise the recommended software verification minimums. The twelfth task, fixing critical bugs, is included for completeness.” – source, NIST
Still seeing continued challenges for highly secure environments…
For agencies and organizations that deal with highly secure environments, it's going to take ingenuity to follow these standards and practices. The challenge remains that these organizations can't hire enough qualified, highly cleared developers to develop, test, and deploy software within highly cleared environments. There also remains the challenge of software supply chain security while utilizing modern code libraries and practices, like GitHub or Bitbucket.
Forcepoint is ready to get creative for DevSecOps with your team.
We have specialists who can help you set your development organizations up for success, applying some creativity in how to develop software outside of high-side networks while still following modern software development practices utilizing Git and ensuring supply chain and overall security.
Create a path to success and learn more from our DevSecOps in highly secure Environments eBook.