EO 14028 uncertainty offers opportunities in event logging, zero trust, Part 2 of 2

By Ryan Nelson, Market Intelligence Manager

Uncertainty at the agency level about what constitutes compliance with EO 14028’s requirements regarding event logging (EL) and zero trust architecture (ZTA) offers vendors with those technological capabilities an opportunity to support agencies as they try to meet the demands of the order.

In the first part of this two-part series, we looked at event logging. This time we’ll turn our attention to ZTA.

As mentioned in our first installment, agencies have requested significant funding for the zero trust architecture and event logging requirements in the Executive Order, typically to the tune of $25 million per agency to achieve both goals.


EO 14028, signed on May 12, 2021 contains specific directives to achieve improve agency visibility on network activity and cybersecurity. The Office of Management and Budget (OMB) then released clarifying guidance in memos to define what agencies must accomplish. These include:

  • OMB 21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
  • OMB 22-09: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

EO 14028 required agencies to demine their strategy for achieving a zero trust architecture within 60 days of release, while OMB 22-09 requires specific security goals be achieved by the end of FY2024.

5 Zero Trust Maturity Model goals

The security goals identified by the OMB memorandum map onto the Zero Trust Maturity Model established by the Cybersecurity and Infrastructure Security Agency (CISA):

  1. Identity: Agency staff will employ enterprise-managed identities to access the applications they use in their work. Phishing-resistant multi-factor authentication (MFA) will protect those personnel from sophisticated online attacks.
  2. Devices: The Federal Government will develop a complete inventory of every device it operates and authorizes for government use, and can prevent, detect, and respond to incidents on those devices.
  3. Networks: Agencies will encrypt all DNS requests and HTTP traffic within their environment and begin executing a plan to break down their perimeters into isolated environments.
  4. Applications and Workloads: Agencies will treat all applications as internet-connected, routinely subject their applications to rigorous empirical testing, and welcome external vulnerability reports.
  5. Data: Agencies are on a clear, shared path to deploy protections that make use of thorough data categorization. Agencies are taking advantage of cloud security services to monitor access to their sensitive data, and have implemented enterprise-wide logging and information sharing.

Funding for zero trust architecture and event logging

Congress seems to understand that these ZTA initiatives, as well as compliance with enterprise logging requirements, cannot come without budgetary support. In FY22, Congress funded cyber security spending above the Presidential budget request numbers. The FY23 budget increases cybersecurity spending by 11%, up to $11B for non-DoD cybersecurity.

Because of the uncertain political environment, it is unclear as to when specifically approval for the additional spending will come – although the expectation is that funding for both ZTA and Enterprise Logging will in fact be approved.

Opportunities for vendors

Growing attention in these technological areas will create continued opportunities for vendors that can help agencies navigate their way to compliance. Vendors should stay abreast of developments and further guidance from OMB to ensure they can support their agency clients through these challenging but important initiatives.

Interested in keeping up on the latest IT trends in public sector? Subscribe to immixGroup’s Government Sales Insider blog now!

Need help with your FY23 growth strategy? See how our Market Intelligence team can help you define your targets.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: