Executive Order 14028: Progress and What’s Next for Federal Cybersecurity
- Harshil Shah
- Sep 29, 2025

In May 2021, the White House issued Executive Order 14028: Improving the Nation’s Cybersecurity, a sweeping directive aimed at strengthening the federal government’s ability to prevent, detect, and respond to cyber threats. Nearly four years later, where do things stand, and what’s next for federal leaders tasked with implementation?
Progress to Date
Since its release, EO 14028 has driven major changes in how federal agencies approach cybersecurity. Notable progress includes:
- Adoption of Zero Trust: Agencies are implementing Zero Trust architectures following the Office of Management and Budget’s (OMB) government-wide strategy released in 2022.
- Improved Threat Intelligence Sharing: Agencies and contractors are now required to share information about cyber incidents, closing longstanding gaps in situational awareness.
- Enhanced Software Supply Chain Security: The National Institute of Standards and Technology (NIST) has issued guidelines for secure software development, with federal contractors expected to comply.
- Government-wide Logging and Monitoring: Mandates for event logging and centralized visibility have strengthened agencies’ detection and response capabilities.
- Cloud Security Momentum: Many agencies accelerated cloud adoption while integrating advanced security controls to comply with EO requirements.
Challenges That Remain
Despite progress, several hurdles remain:
- Legacy IT Systems: Many agencies still rely on outdated infrastructure that complicates modernization and security integration.
- Funding Constraints: While the Technology Modernization Fund (TMF) provides support, demand for resources far exceeds supply.
- Workforce Shortages: Agencies struggle to recruit and retain skilled cybersecurity professionals needed for full compliance.
- Contractor Compliance: Ensuring the entire federal supply chain meets security standards remains an ongoing challenge.
What’s Next?
Looking ahead, EO 14028 is expected to evolve into long-term policy and regulation. Federal leaders should prepare for:
- Deeper Zero Trust Integration: Agencies will need to demonstrate measurable progress across identity, endpoints, networks, and applications.
- Expanded Software Bill of Materials (SBOM) Requirements: More stringent contractor reporting and validation will become the norm.
- Increased Cross-Agency Collaboration: Shared services and common cybersecurity frameworks will likely expand to avoid duplication of effort.
- Metrics and Accountability: Agencies will be evaluated not only on compliance but on mission resilience and real-world outcomes.
Bottom Line
Executive Order 14028 has already reshaped federal cybersecurity strategy, but much work remains. Federal CIOs, CTOs, and CISOs should continue to view the EO not as a compliance exercise but as a catalyst for building a stronger, more resilient digital government.
For more insights on federal technology leadership and cybersecurity, visit CISOmeet.org.