Preparing for Executive Order 14028

We are parsing through the text of President Biden's Executive Order 14028 so you don't have to. The Order is 18 pages long, with plenty of deadlines but no dates, dependencies that are hard to unravel, and an alphabet soup of acronyms.

The aDolus team has converted our previous EO Timeline to a web page that more easily handles all the sections and associated dates & deadlines. Bookmark it and stay on top of the EO! Handy EO14028 Timeline

We are working through the Order section by section. To get updates, subscribe over on the right and we'll share new EO14028 Timelines and commentary as we finish them. Below is a list of blog posts with more detailed observations from Eric Byres.

Blog Posts With Commentary

Part 4: Sec 3. Modernizing Federal Government Cybersecurity
Highlights: less fog more cloud, multi-factor authentication, encryption, secure cloud adoption practices, incident response services

Part 3: So You Don’t Sell to the Feds…

Highlights: a break from analyzing a specific section of the EO to focus on who will be impacted by the order.

Part 2: Sec 2. Removing Barriers to Sharing Threat Information

Highlights: contract language, reporting requirements, time periods, Federal Acquisition Regulation changes

Part 1: Sec. 4. Enhancing Software Supply Chain Security

Highlights: SBOMs, source code testing, "critical software" definition, software supply chain security practices, legacy products

 

For those of you who found the PDF versions of the EO Timeline helpful, you can still access them here:

 Sec. 4. Enhancing Software Supply Chain Security


Sec 2. Removing Barriers to Sharing Threat Information  
