Federal GRC Engineering

EO 14028

Executive Order 14028, "Improving the Nation's Cybersecurity", was signed on May 12, 2021, in the wake of the SolarWinds and Colonial Pipeline incidents. EO 14028 directs federal modernization across software supply chain security (Section 4, including SBOM minimum elements), zero trust architecture adoption, multi-factor authentication and encryption for federal data, the Cyber Safety Review Board, and a standardized federal incident response playbook. The order is the legal and political predicate for OMB M-22-09 (zero trust), the SBOM rulemaking, and the CISA Secure Software Development Attestation form for federal software vendors.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.