Technology is more integrated and critical to organizational operations than ever before. And as this technology integration expands, cybersecurity has become an increasingly imperative safeguard to ensure organizations and their data are protected.
In 2021, the White House added cybersecurity to its priority list with Executive Order 14028: Improving the Nation’s Cybersecurity. This directive requires all of its systems to meet more stringent standards when it comes to securing data. And this goes for the contractors that work with the federal government, too.
Organizations that work with a federal agency – whether they are cloud-based, on-premises or hybrid – need to meet these cybersecurity standards to protect and secure their systems.
What is Executive Order 14028?
Executive Order (EO) 14028: Improving the Nation’s Cybersecurity was released in May 2021 as a directive by the President. Its goal is to better identify, deter, protect against, detect and respond to malicious cyber acts that are increasingly threatening citizens through both the public and private sectors. As it states:
“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”
Yet it also acknowledges that making changes among federal agencies won’t be enough. Protecting Americans’ data requires more than government action, and the private sector must be included in these new ways of securing online information. With that in mind, all contractors that partner with the federal government need to meet or exceed these cybersecurity requirements.
What are the requirements?
Requirements for this executive order are sweeping as they focus on creating a more secure, trustworthy and transparent digital infrastructure. These requirements include:
-
Direction on how service providers share cyber threats and incidents.
-
Create security standards for software sold to the government, including making security data of this software publicly available.
-
Call for secure cloud services, zero-trust architecture and other security mandates like encryption and multifactor authentication.
-
Create a guide and definitions for cyber incident response.
See more of the requirements in this summary of EO 14028. For cloud service providers, the requirements include becoming certified by the Federal Risk and Authorization Management Program, or FedRAMP. Learn more about this certification process and what it means for organizations.
What does this mean for government contractors?
The government partners with contractors for everything from special projects to day-to-day functions, from systems that process data to others that operate critical machinery. Now, all of these information technology (IT) and operational technology (OT) service providers that do business with Federal Information Systems must meet these new requirements in order to continue working with or selling software to the federal government.
Before EO 14028, contract restrictions limited the ability to share information between the government and contractors when a cyber incident occurs, missing an opportunity for agencies like the FBI or Cybersecurity and Infrastructure Security Agency (CISA) to investigate. Under the executive order, these contractual barriers are removed, opening more cross-collaboration in cyber risk deterrence, prevention and response.
As EO 14028 rolls out, impacted organizations should receive updated contract language to reflect these changes and new requirements.
What does this mean for consumers?
Besides supporting the federal government with expanded cybersecurity, the executive order’s mandates position third-party providers with a top differentiator when it comes to cybersecurity. Organizations meeting the EO 14028 standards can offer consumers outside of the government the same level of data protection – offering additional peace of mind that comes with using the latest, and federally certified, cybersecurity systems.
Through EO 14028, the federal government and its partner organizations work together to use the latest cybersecurity methods and will be aligned in protecting vital online information, and in turn consumers’ (and all citizens’) security and privacy throughout the country and beyond.
How DevonWay can help
As a leader in quality, safety and asset management software, DevonWay understands and values the importance of data security. That’s why we’ve been working diligently to meet the standards of Executive Order 14028, including moving through the FedRAMP authorization process. We expect to be FedRAMP certified in 2023, when our FedRAMP-certified SaaS environment will offer the same award-winning suite of services as the commercial SaaS environment.
Learn more about the benefits, timeline, and cost of our upcoming FedRAMP-certified environment in our webinar recording.
