EO Resource Center

How to Meet the Requirements of the Cybersecurity Executive Order

FAQs

What is the Cybersecurity Executive Order?

President Biden’s May 12 Executive Order (EO) is a comprehensive and ambitious directive for improving our nation’s cybersecurity after several recent high-profile attacks and incidents. Persistent threats and malicious activity on federal networks and infrastructure require an even closer partnership between the private and public sectors, in addition to an acceleration of modernization initiatives.

What are the requirements in the Executive Order?

The EO pushes government and industry to work together to modernize cybersecurity practices, secure software development, strengthen incident response, improve threat detection and information sharing, and accelerate investigation and remediation. Learn more about the requirements here.

What are the deadlines I need to comply with?

The EO’s earliest deadlines (May 26) have already passed, but many of its most important milestones come in the months ahead. These aggressive deadlines push government and industry to work together in meeting the changes and requirements that will impact federal cybersecurity in the near term. This timeline highlights what needs to be done, when it needs to be completed, and who needs to take action.

What solutions can help me meet the EO requirements?

Meeting EO objectives requires solutions that:

  • Are cloud-based, deploy quickly, and provide rapid time to value
  • Enable adaptive MFA and risk-based authentication for all network assets
  • Use comprehensive PAM to secure privileged credentials and crown jewels
  • Secure cloud access and protect critical applications across the infrastructure
  • Enforce zero trust security and least privilege on all endpoints, apps, and identities
  • Enhance and standardize security operations with analytics and automation
  • Expand visibility and control of endpoints
  • Combine and enrich data to support proactive threat hunting and faster incident response

Explore solutions with these capabilities here.

Why work with Merlin to help me meet EO requirements?

Merlin is a trusted cybersecurity advisor and technology provider that has supported the U.S. Government for nearly 25 years. Working closely with commercial organizations, we bring thoroughly vetted, best-in-class, federal-ready cybersecurity solutions that help government customers minimize security risks, simplify IT operations, and realize cost and resource efficiencies. With industry-leading partners, innovative solutions, and a secure cloud platform, we can help drive public-private collaboration that accelerates cybersecurity modernization and achieves the EO’s objectives.

Executive Order Resource Center

Featured Event

On-Demand Webinar: Accelerating Success After the Executive Order

EO 14028 tasks federal agencies with meeting aggressive timeframes for moving to cloud, adopting zero trust architecture, improving software supply chain security, and more. Some agencies are well on their way, but all of them must act quickly and decisively to meet new requirements and deadlines. Watch this recording of our MeriTalk webinar to learn:

  • How to fast-track your agency’s move to zero trust architecture
  • How to overcome the challenges of achieving FedRAMP requirements
  • How to use analytics and automation to improve incident detection and response

Dive in: Key Sections of the Executive Order

We’ve read through the EO and believe that Sections 3, 4, 6, 7, and 8 are the most pivotal. Read a summary of these sections below and access the full EO here.

Section 1: Policy


Section 2: Threat Info-Sharing


Section 3: Modernization

Section 3 asks government to lead the adoption of best practices like zero trust and secure cloud services, and to consistently deploy foundational tools like multifactor authentication (MFA) and encryption. It also asks the GSA to modernize FedRAMP by establishing training, incorporating automation, and streamlining documentation.

Section 4: Software Supply Chain

Section 4 establishes baseline security standards for the development of software—with a priority on critical software—sold to government, including requiring developers to have greater visibility into their software and making security data publicly available. This section also establishes a public-private process to develop new and innovative approaches for secure software development, helps the government use its buying power to demand software security standards are met, and creates a pilot program for product labels that confirm if software was developed securely.


Section 5: Cyber Safety Review Board


Section 6: IR Playbooks

Section 6 creates a standardized playbook and set of definitions for cyber incident response across the federal government to ensure all agencies meet certain thresholds and take uniform steps to identify and mitigate threats.


Section 7: Threat Detection

Section 7 calls for a government-wide endpoint detection and response (EDR) system and improved, robust information sharing between agencies in order to enhance the ability to detect malicious activity on federal networks.


Section 8: Investigation & Remediation

Section 8 creates cybersecurity event log requirements across the federal government so that agencies can better detect intrusions, mitigate in-progress attacks, and determine the extent of damage.


Section 9: National Security Systems


Section 10: Definitions


Section 11: General Provisions
