Executive Order 14028: Improving the Nation's Cybersecurity

Executive Order (EO) 14028 - "Improving the Nation's Cybersecurity" (issued May 12, 2021) requires agencies to enhance cybersecurity and software supply chain integrity.

Summary of EO 14028 requirements

Requires service providers to share cyber incident and threat information that could impact Government networks
Moves the Federal government to secure cloud services, zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period
Establishes baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available
Establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make recommendations for improving cybersecurity
Creates a standardized playbook and set of definitions for cyber incident response by Federal departments and agencies
Improves the ability to detect malicious cyber activity on Federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government
Creates cybersecurity event log requirements for Federal departments and agencies
Requires amendments to the FAR to align with requirements in the EO

What contractors can expect

Modification of contract language to reflect new guidance from NIST and CISA. If your company cannot accept the modification, you will not be able to sell to the Federal government
GSA will keep you informed; communicating with you regarding all major developments
Future updates to the Federal Acquisition Regulation (FAR)

What contractors can do

Read and understand the Executive Order and related memos

Provide feedback

Look out for the FAR rules’ public comment periods and provide feedback.

Update your compliance program

Stay on top of proposed updates to the FAR and prepare for changes that could impact your entity’s compliance.

Educate

Communicate and train your purchasing/procurement and materials management professionals to ensure they are familiar with your compliance plan and potential changes.

Why these changes are important

Adversaries are using increasingly sophisticated methods and cyber operations to attack the supply chain, gain access to critical infrastructure, and steal sensitive information.
Foreign owned or controlled Information and Communications Technology (ICT) products may create vulnerabilities in U.S. Supply Chains.
IT providers are often hesitant or unable to voluntarily share information about a cyber incident.
The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.
The planned FAR rules will ensure contractors keep national security interests in mind by requiring contractors to follow a set of standardized rules when doing business with the Federal government.

Resources

Tell us what you think

Last Reviewed: 2023-04-11

PER DIEM LOOK-UP

1 Choose a location

Error, The Per Diem API is not responding. Please try again later.

No results could be found for the location you've entered.

State

City (optional)

ZIP

Rates for Alaska, Hawaii, U.S. Territories and Possessions are set by the Department of Defense.

Rates for foreign countries are set by the State Department.

2 Choose a date

Select Fiscal Year

Travel start date (mm/dd/yyyy)

Travel end date (mm/dd/yyyy)

Rates are available between 10/1/2020 and 09/30/2023.

The End Date of your trip can not occur before the Start Date.