Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Executive Order 14028: Improving the Nation's Cybersecurity
EO 14028 is a landmark cybersecurity executive order requiring federal agencies to adopt zero trust architecture, improve software supply chain security, and standardize incident response. It mandated the creation of the SBOM (Software Bill of Materials) framework and required federal agencies to deploy EDR solutions. NIST developed updated software security guidance in response.
Quick Reference
Key Requirements
Section 3 (Modernizing Federal Government Cybersecurity)
Federal agencies must adopt zero trust architecture, with plans submitted within 60 days
Section 4 (Enhancing Software Supply Chain Security)
NIST must publish guidelines for software supply chain security; vendors must provide SBOMs to federal buyers
Section 7 (Improving Detection of Vulnerabilities)
Federal agencies must deploy endpoint detection and response (EDR) solutions
Section 8 (Improving Investigative and Remediation Capabilities)
Agencies must maintain network and system logs meeting specified retention and management standards
How Does EO 14028 Affect Cybersecurity Careers?
Security architects implementing zero trust designs in federal environments work directly under EO 14028 mandates. DevSecOps engineers managing software supply chain security (SBOM generation, vulnerability scanning) fill roles created by this order. SOC analysts benefit from the expanded EDR and logging requirements.
How Does EO 14028 Affect Cybersecurity Sales?
EO 14028 drove a wave of federal spending on zero trust, EDR, and SBOM tools. Cybersecurity vendors should demonstrate how their products support zero trust principles. SBOM generation and software composition analysis (SCA) tools have a clear federal mandate.
Read the full text of EO 14028 at the official source: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Frequently Asked Questions
What is EO 14028 in cybersecurity?
EO 14028 is a landmark cybersecurity executive order requiring federal agencies to adopt zero trust architecture, improve software supply chain security, and standardize incident response. It mandated the creation of the SBOM (Software Bill of Materials) framework and required federal agencies to deploy EDR solutions. NIST developed updated software security guidance in response.
How does EO 14028 affect cybersecurity careers?
Security architects implementing zero trust designs in federal environments work directly under EO 14028 mandates. DevSecOps engineers managing software supply chain security (SBOM generation, vulnerability scanning) fill roles created by this order. SOC analysts benefit from the expanded EDR and logging requirements.
What are the penalties for EO 14028 non-compliance?
Agencies face OMB oversight and potential budget impacts for noncompliance.