EO Resource Center
How to Meet the Requirements of the Cybersecurity Executive Order
FAQs
What is the Cybersecurity Executive Order?
President Biden’s May 12 Executive Order (EO) is a comprehensive and ambitious directive for improving our nation’s cybersecurity after several recent high-profile attacks and incidents. Persistent threats and malicious activity on federal networks and infrastructure require an even closer partnership between the private and public sectors, in addition to an acceleration of modernization initiatives.
What are the requirements in the Executive Order?
The EO pushes government and industry to work together to modernize cybersecurity practices, secure software development, strengthen incident response, improve threat detection and information sharing, and accelerate investigation and remediation. Learn more about the requirements here.
What are the deadlines I need to comply with?
The EO’s earliest deadlines (May 26) have already passed but many of its most important milestones come in the months ahead. These aggressive deadlines push government and industry to work together in meeting the changes and requirements that will impact federal cybersecurity in the near term. This timeline highlights what needs to be done, when it needs to be completed, and who needs to take action.
What solutions can help me meet the EO requirements?
Meeting EO objectives requires solutions that:
- Are cloud-based, deploy quickly, and provide rapid time to value
- Enable adaptive MFA and risk-based authentication for all network assets
- Use comprehensive PAM to secure privileged credentials and crown jewels
- Secure cloud access and protect critical applications across the infrastructure
- Enforce zero trust security and least privilege on all endpoints, apps, and identities
- Enhance and standardize security operations with analytics and automation
- Expand visibility and control of endpoints
- Combine and enrich data to support proactive threat hunting and faster incident response
Why work with Merlin to help me meet EO requirements?
Merlin is a trusted cybersecurity advisor and technology provider that has supported the U.S. Government for nearly 25 years. Working closely with commercial organizations, we bring thoroughly vetted, best-in-class, federal-ready cybersecurity solutions that help government customers minimize security risks, simplify IT operations, and realize cost and resource efficiencies. With industry-leading partners, innovative solutions, and a secure cloud platform, we can help drive public-private collaboration that accelerates cybersecurity modernization and achieves the EO’s objectives.
Featured Event
On-Demand Webinar: Accelerating Success After the Executive Order
EO 14028 tasks federal agencies with meeting aggressive timeframes for moving to cloud, adopting zero trust architecture, improving software supply chain security, and more. Some agencies are well on their way, but all of them must act quickly and decisively to meet new requirements and deadlines. Watch this recording of our MeriTalk webinar to learn:
- How to fast-track your agency’s move to zero trust architecture
- How to overcome the challenges of achieving FedRAMP requirements
- How to use analytics and automation to improve incident detection and response
Dive in: Key Sections of the Executive Order
We’ve read through the EO and believe that Sections 3, 4, 6, 7, and 8 are the most pivotal. Read a summary of these sections below and access the full EO here.
Section 1: Policy
Section 2: Threat Info-Sharing
Section 3: Modernization
Section 4: Software Supply Chain
Section 4 establishes baseline security standards for the development of software—with a priority on critical software—sold to government, including requiring developers to have greater visibility into their software and making security data publicly available. This section also establishes a public-private process to develop new and innovative approaches for secure software development, helps the government use its buying power to demand software security standards are met, and creates a pilot program for product labels that confirm if software was developed securely.
Section 5: Cyber Safety Review Board
Section 7: Threat Detection
Section 7 calls for a government-wide endpoint detection and response (EDR) system and improved, robust information sharing between agencies in order to enhance the ability to detect malicious activity on federal networks.
Section 8: Investigation & Remediation
Section 9: National Security Systems
Section 10: Definitions
Section 11: General Provisions