Information SecurityUnited States
US Executive Order 14028 — Improving the Nation's Cybersecurity
Executive Order 14028 (May 2021) is a landmark US federal cybersecurity directive mandating improvements to federal cybersecurity including zero trust architecture, software supply chain security, incident detection and response, and federal security standardization. It directed NIST to develop secure software development guidelines and SBOM requirements, and required agencies to implement zero trust architecture by FY2024..
Domains
National Security Systems (Section 9)
Improving Detection and Investigation (Sections 7 & 8)
Standardizing the Federal Response (Section 6)
Cyber Safety Review Board (Section 5)
Enhancing Software Supply Chain Security (Section 4)
Compare US Executive Order 14028 — Improving the Nation's Cybersecurity
US Executive Order 14028 — Improving the Nation's Cybersecurity vs ISO 27001:2022View comparison →US Executive Order 14028 — Improving the Nation's Cybersecurity vs SOC 2View comparison →US Executive Order 14028 — Improving the Nation's Cybersecurity vs NIST CSF 2.0View comparison →US Executive Order 14028 — Improving the Nation's Cybersecurity vs GDPRView comparison →US Executive Order 14028 — Improving the Nation's Cybersecurity vs HIPAAView comparison →US Executive Order 14028 — Improving the Nation's Cybersecurity vs PCI DSS 4.0View comparison →
US Executive Order 14028 — Improving the Nation's Cybersecurity by Industry
US Executive Order 14028 — Improving the Nation's Cybersecurity for Healthcare→US Executive Order 14028 — Improving the Nation's Cybersecurity for Financial Services→US Executive Order 14028 — Improving the Nation's Cybersecurity for Technology→US Executive Order 14028 — Improving the Nation's Cybersecurity for Government→US Executive Order 14028 — Improving the Nation's Cybersecurity for Manufacturing→US Executive Order 14028 — Improving the Nation's Cybersecurity for Energy→US Executive Order 14028 — Improving the Nation's Cybersecurity for Retail→US Executive Order 14028 — Improving the Nation's Cybersecurity for Education→
US Executive Order 14028 — Improving the Nation's Cybersecurity by Role
US Executive Order 14028 — Improving the Nation's Cybersecurity for CISOs→US Executive Order 14028 — Improving the Nation's Cybersecurity for Compliance Officers→US Executive Order 14028 — Improving the Nation's Cybersecurity for Risk Managers→US Executive Order 14028 — Improving the Nation's Cybersecurity for IT Directors→US Executive Order 14028 — Improving the Nation's Cybersecurity for DPOs→US Executive Order 14028 — Improving the Nation's Cybersecurity for Auditors→
Frequently Asked Questions
What is US Executive Order 14028?
Executive Order 14028 (May 2021) is a landmark US federal cybersecurity directive mandating improvements to federal cybersecurity including zero trust architecture, software supply chain security, incident detection and response, and federal security standardization. It directed NIST to develop secure software development guidelines and SBOM requirements, and required agencies to implement zero trust architecture by FY2024..
How many controls does US Executive Order 14028 have?
US Executive Order 14028 contains 24 controls organized across 7 domains.
Where does US Executive Order 14028 apply?
US Executive Order 14028 is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does US Executive Order 14028 map to?
US Executive Order 14028 has control-to-control mappings with 533 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with US Executive Order 14028 compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for US Executive Order 14028 — Improving the Nation's Cybersecurity?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.