What EO 14028 Gets Right — And the Execution Layer It Implies but Does Not Name

The Colonial Pipeline ransomware attack in May 2021 made the stakes undeniable. Days later, President Biden signed Executive Order 14028, "Improving the Nation's Cybersecurity," to raise national cybersecurity standards in response to that incident and the steep rise in attacks that preceded it, including the SolarWinds supply chain compromise. No policy document produces a perfect set of defenses, and malicious actors will keep evolving their tactics. But EO 14028 gets a great deal right, and it also points, implicitly, at a control it did not name: one the industry is now building.

EO 14028 Makes It Harder for Malicious Activity to Reach Federal Networks 

Federal agencies are now required to move to secure cloud services and to adopt a Zero Trust architecture. The order also directed agencies to adopt multi-factor authentication and to encrypt data at rest and in transit, which adds meaningful friction to credential-based attacks: a stolen password alone no longer grants access. These requirements address the identity layer of Zero Trust directly, and the mandate has accelerated Zero Trust adoption well beyond the federal government into the private sector organizations that serve it.

Higher Baseline Standards Elevate Every Line of Defense 

EO 14028 institutes higher security standards for the software every federal agency uses. NIST now oversees key initiatives under the order, including guidance for safeguarding software supply chains, minimum standards for software development (the Secure Software Development Framework, SSDF), and a definition of and security measures for critical software. Incident response standards also received a meaningful upgrade: CISA published standard incident and vulnerability response playbooks for federal agencies, covering the full lifecycle from detection and analysis through containment, eradication, recovery and post-incident activity.

Timely Post-Attack Information Closes Gaps Faster 

EO 14028 directs updates to FAR and DFARS contract language to require vendors to report incidents and share detailed, timely information about cyberattacks. Details of who was attacked, when, and how can then be shared among industry professionals and government experts, and the more quickly that information moves, the less time threat actors have to operate undetected across multiple targets.

Collaboration Between Public and Private Sectors Improves Detection 

EO 14028 encourages information sharing between federal agencies and private sector organizations. The Cyber Safety Review Board (CSRB), which includes leaders from both, was established under the order and convenes after significant incidents to analyze what happened and recommend ways to prevent future attacks. Its first review focused on the vulnerabilities exploited in the Log4j library, a direct response to one of the most widespread software supply chain exposures in recent history.

The Execution Layer EO 14028 Points to but Does Not Name 

EO 14028 mandated Zero Trust architecture for identity and network access. It required SBOM documentation and software supply chain governance. It raised development and incident response standards significantly. What it did not specify, because the category did not yet exist in defined form, is Zero Trust for Code: the control that governs what software is actually authorized to execute, and on what terms.

An SBOM documents which components are in the software. It does not verify what those components will do when they run. Vendor attestation to the NIST SSDF confirms that a vendor followed a secure development process. It does not confirm that the delivered artifact is free of behavioral capabilities that violate an execution policy. Code signing confirms origin and integrity: the artifact came from the claimed publisher and was not altered in transit. It does not confirm behavior, and a compromised build pipeline signs malicious output just as readily as clean output.

Pre-execution behavioral intent analysis deconstructs every artifact before execution is authorized and produces a deterministic verdict, Allow, Block, Contain, or Escalate, backed by forensic evidence and auditable against explicit policy. EO 14028 laid the groundwork. Zero Trust for Code closes the loop. Find out how CodeHunter helps federal contractors and enterprise organizations build the execution governance layer that EO 14028 points toward.
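The gap described in the two paragraphs above can be made concrete with a small Python sketch. It is an added illustration written for this page, not CodeHunter's code and not anything the order specifies: the policy, the capability names, the approved-component allowlist and the two artifacts are all constructed assumptions. Two artifacts carry identical, fully approved SBOMs and both match the digest their publisher released, so the inventory and origin checks pass for both; only an explicit execution policy applied to the capabilities each artifact exhibits tells them apart, and it records which rule fired so the verdict can be audited later.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Explicit execution policy, constructed for this example. Each verdict lists the
# behavioral capabilities that trigger it; the most severe matching verdict wins.
POLICY = {
    "Block": {"credential_dump", "disable_security_tooling", "bulk_file_encrypt"},
    "Contain": {"outbound_network", "process_injection"},
    "Escalate": {"registry_persistence", "scheduled_task"},
}
SEVERITY = ["Allow", "Escalate", "Contain", "Block"]  # ascending severity

# Constructed allowlist standing in for a reviewed inventory of approved components.
APPROVED_COMPONENTS = {"zlib@1.3.1", "libcurl@8.5.0"}


@dataclass
class Verdict:
    decision: str
    evidence: list = field(default_factory=list)  # every rule that fired, and why

    def audit_record(self, digest):
        """Serialize the verdict so it can later be checked against the policy."""
        return json.dumps({"sha256": digest, "decision": self.decision,
                           "evidence": self.evidence}, sort_keys=True)


def supply_chain_checks(artifact, expected_digest):
    """Inventory and origin checks of the kind EO 14028 asks for: every SBOM
    component is approved and the artifact digest matches the published one.
    Neither check says anything about what the artifact does when it runs."""
    unknown = sorted(c for c in artifact["sbom"] if c not in APPROVED_COMPONENTS)
    digest = hashlib.sha256(artifact["bytes"]).hexdigest()
    return {"unknown_components": unknown, "origin_ok": digest == expected_digest}


def evaluate(artifact, policy=POLICY):
    """Map the capabilities a pre-execution analysis extracted (assumed here to be
    given as input) to one deterministic verdict, keeping each match as evidence."""
    caps = set(artifact["capabilities"])
    verdict = Verdict("Allow")
    for decision, triggers in policy.items():
        hits = sorted(caps & triggers)
        if hits:
            verdict.evidence.append({"rule": decision, "capabilities": hits})
            if SEVERITY.index(decision) > SEVERITY.index(verdict.decision):
                verdict.decision = decision
    return verdict


# Constructed artifacts with identical, approved SBOMs and a valid published digest.
PAYLOAD = b"constructed installer bytes"
PUBLISHED_DIGEST = hashlib.sha256(PAYLOAD).hexdigest()
SBOM = ["zlib@1.3.1", "libcurl@8.5.0"]
CLEAN = {"bytes": PAYLOAD, "sbom": SBOM, "capabilities": []}
UPDATER = {"bytes": PAYLOAD, "sbom": SBOM, "capabilities": ["outbound_network"]}
MALICIOUS = {"bytes": PAYLOAD, "sbom": SBOM,
             "capabilities": ["outbound_network", "credential_dump"]}


def demo():
    """All three artifacts pass the inventory and origin checks; the behavioral
    policy is the only control that separates them."""
    results = {}
    for name, art in (("clean", CLEAN), ("updater", UPDATER), ("malicious", MALICIOUS)):
        checks = supply_chain_checks(art, PUBLISHED_DIGEST)
        verdict = evaluate(art)
        results[name] = (checks, verdict.decision)
        print(name, checks, verdict.audit_record(PUBLISHED_DIGEST))
    return results


if __name__ == "__main__":
    demo()
```

The point of the sketch is the ordering: the digest and SBOM checks are upstream of the verdict and are necessary, but a passing result there is not an authorization to execute. The verdict carries its own evidence so that a reviewer can reproduce the decision from the policy and the extracted capabilities alone.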