July 26, 2021

EO 14028 is “right on time,” but challenges remain in race to develop software

Karlene Berger
Photo by Andy Feliciotti on Unsplash

The Biden Administration’s Cybersecurity Order (also known as EO 14028) is a welcome development. Not long after it was introduced, Petko offered perspective on the Zero Trust aspect. Now, there's more to talk about.

The Cybersecurity Executive Order dictated publishing guidance outlining security measures for critical software, on Day 60 (see highlighted section in the image below), including vendor testing of source code – published July 11, 2021.

Biden Administration Cybersecurity EO - Section 4 Tasks and Timelines

Source: NIST

What does this mean for development of critical software and DevSecOps?
Executive Order 14028 was created to ensure shoring up cybersecurity for the US Government.  NIST is creating and outlining workable frameworks to guide our government into true best practices for software development.  NIST published standards for vendor testing of SW Source Code.

It then defines eleven tasks and techniques which comprise the recommended software verification minimums. The twelfth task, fixing critical bugs, is included for completeness.” – source, NIST

Still seeing continued challenges for highly secure environments…

For agencies and organizations that deal with highly secure environments, its going to take ingenuity to be able to follow these standards and practices.  The challenge remains that these organizations can’t hire enough qualified and highly-cleared developers, to develop, test, and deploy software – within highly cleared environments. And there remains the challenge of software supply chain security, utilizing modern code libraries and practices, like GitHub or Bitbubble.


Forcepoint is ready to get creative for DevSecOps with your team.

We have specialists that can help you set your development organizations up for success, applying some creativity at how to develop software outside of high side networks, and ensure the ability to follow modern software development practices utilizing Git, while ensuring supply chain and security overall.

Create a path to success and learn more from our DevSecOps in highly secure Environments eBook.

Karlene Berger

Karlene serves as Sr. Director, Product Marketing for Global Governments and Critical Infrastructure (G2CI). She has spent her career following her core passion:  Problem Solving as an Enabler to Innovation. Her experience includes roles in Mechanical Design and Software Product Design,...

Read more articles by Karlene Berger

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.