US Executive Order (EO) 14028, titled "Improving the Nation’s Cybersecurity", was signed by US President Joe Biden on May 12, 2021, in response to growing concerns over cybersecurity threats.
The order aims to strengthen the cybersecurity defenses of the US government and private sector by encouraging better information sharing to increase transparency and mandating stronger security measures across various industries.
The executive order covers several key areas, such as:
- Modernizing Federal Government Cybersecurity
- Improving Software Supply Chain Security
- Incident Response and Information Sharing
- Establishing a Cyber Safety Review Board
- National Institute of Standards and Technology (NIST) Involvement
- Endpoint Detection and Response (EDR)
- Zero Trust Architecture
Overall, EO 14028 aims to significantly overhaul and improve the cybersecurity posture of federal agencies while also providing a model for the private sector, especially those in critical infrastructure sectors, to follow. The goal is to increase resilience to future cyberattacks and ensure a more coordinated national response to cybersecurity threats.
Most areas of EO 14028 focus on improving cybersecurity within the US government and its federal agencies. However, two key areas, “Improving Software Supply Chain Security” and “Incident Response and Information Sharing”, are aimed at product vendors.
As a software vendor that delivers software to the US government, federal agencies and US critical infrastructure, Milestone fulfills the requirements defined in the two key areas aimed at product and service vendors; therefore all XProtect products and online services, such as MyMilestone and Milestone Customer Dashboard, conform to EO 14028.
Milestone is compliant with key area #2, “Improving Software Supply Chain Security”, through our Security Development Lifecycle (SDL) and the toolchain we use during product development.
Our Security Development Lifecycle covers the foundation our SDL is built on, how we develop secure software, how we verify and validate that the implementation is secure, and finally it covers the management and governance model used during development.
Milestone’s toolchain ensures that:
- Everyone involved in any aspect of product development at Milestone adheres to our source control procedures and uses only approved tools.
- A registry of third-party libraries used in our products is maintained, along with a blacklist of libraries that are not allowed.
- Automated vulnerability and version update scanning of all libraries used is executed and reported for each release.
- An SBOM (Software Bill of Materials) is generated, signed and stored alongside the software product for each version, documenting all components used to build the product.
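As an added illustration of the last three controls (not Milestone's tooling, whose implementation the page does not describe), the following Python script checks a constructed CycloneDX-style SBOM against an invented registry of approved library versions and an invented denylist, and verifies that the stored SBOM matches the tag produced when it was signed. HMAC-SHA256 stands in for the signing step; the page does not say which mechanism Milestone uses, and a production pipeline would normally use an asymmetric signature so that verifiers do not hold the signing secret.

```python
import hashlib
import hmac
import json

# Constructed sample SBOM in CycloneDX JSON layout; component names and
# versions are invented for this example and describe no real product.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "example-product", "version": "4.2.0"}},
    "components": [
        {"type": "library", "name": "json-parser", "version": "2.1.0"},
        {"type": "library", "name": "legacy-crypto", "version": "0.9.3"},
        {"type": "library", "name": "http-client", "version": "7.0.0"},
    ],
}, sort_keys=True, separators=(",", ":"))

# Constructed registry of approved third-party libraries (name -> approved
# versions) and denylist of libraries that must not ship; both are invented.
APPROVED_LIBRARIES = {
    "json-parser": {"2.0.0", "2.1.0"},
    "http-client": {"6.4.0"},
}
DENIED_LIBRARIES = {"legacy-crypto"}


def load_sbom(text):
    """Parse an SBOM document and return its component list."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return doc.get("components", [])


def check_components(components, approved, denied):
    """Return a sorted list of (name, version, finding) for every component
    that is denylisted, absent from the registry, or at an unapproved version."""
    findings = []
    for comp in components:
        name, version = comp.get("name"), comp.get("version")
        if name in denied:
            findings.append((name, version, "denied"))
        elif name not in approved:
            findings.append((name, version, "not-in-registry"))
        elif version not in approved[name]:
            findings.append((name, version, "unapproved-version"))
    return sorted(findings)


def sign_sbom(text, key):
    """Produce a hex tag over the exact stored bytes of the SBOM.
    HMAC-SHA256 is a stand-in for a real signing step (assumption)."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_sbom(text, key, tag):
    """Check a stored SBOM against its tag using a constant-time comparison."""
    return hmac.compare_digest(sign_sbom(text, key), tag)


if __name__ == "__main__":
    key = b"example-signing-key"  # constructed; a real key lives in a KMS/HSM
    tag = sign_sbom(SAMPLE_SBOM, key)
    print("stored SBOM verifies:", verify_sbom(SAMPLE_SBOM, key, tag))
    tampered = SAMPLE_SBOM.replace('"0.9.3"', '"1.0.0"')
    print("tampered SBOM verifies:", verify_sbom(tampered, key, tag))
    for finding in check_components(load_sbom(SAMPLE_SBOM),
                                    APPROVED_LIBRARIES, DENIED_LIBRARIES):
        print(finding)
```

Run against the constructed SBOM, the script reports `legacy-crypto` as denied and `http-client` as shipping at a version the registry has not approved, and rejects the SBOM whose component version was edited after signing. In a release pipeline the same check would run against the SBOM generated for each build, with the tag (or signature) verified before the report is trusted.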
Milestone is compliant with key area #3, “Incident Response and Information Sharing”, through our Vulnerability Management Policy and by being recognized as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).
Our Vulnerability Management Policy describes our processes and commitments in handling and responding to incidents and vulnerabilities.
Furthermore, as a recognized Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), Milestone is committed to transparent communication about vulnerabilities found in our products.
Download our Vulnerability Management Policy
Report a vulnerability: Contact Milestone's security response team