the White House issued Executive Order 14144, “Strengthening and Positioning Innovation in the Nation’s Cybersecurity”. This directive represents a significant step forward in addressing the challenges posed by increasingly complex software ecosystems. Building on previous initiatives like Executive Order 14028 and the National Cybersecurity Strategy, it prioritizes the security of software supply chains and the adoption of innovative practices to mitigate emerging risks.
The mandate emphasizes the following key actions:
Secure Development Accountability
Software providers must submit machine-readable attestations of secure development practices, along with evidence, to the Cybersecurity and Infrastructure Security Agency’s (CISA) Repository for Software Attestation and Artifacts (RSAA). Providers are also required to list their Federal Civilian Executive Branch (FCEB) agency software customers.
Focus on Communication Protocols and Identity Management
Agencies are instructed to adopt advanced security protocols and identity management solutions to protect federal systems.
Driving Innovation in Cybersecurity
The order underscores the need for emerging technologies to bolster cybersecurity capabilities across the federal and private sectors.
Apiiro founder and CEO, Idan Plotnik, captured the significance of this move:
“This directive is long overdue. Software supply chain security and secure software development have been essential for years, and with AI infiltrating the enterprise, the stakes have never been higher. Holding providers accountable for the security of their third-party partners and development processes is essential to protecting critical infrastructure and staying ahead of evolving threats. Requiring software providers to document and demonstrate secure practices will drive faster incident response, better vulnerability remediation, and improved license tracking—benefits that serve everyone, including those producing, maintaining, and simply using software. It’s time to match federal standards with the urgency today’s challenges demand.”
Bridging the gap between policy and practice with Apiiro
Executive Order 14144 aligns perfectly with Apiiro’s mission: to provide organizations with a proactive, scalable approach to Application Security Posture Management (ASPM). Here’s how Apiiro helps meet the order’s requirements:
1. Comprehensive Software Supply Chain Visibility
Apiiro’s eXtended Software Bill of Materials (XBOM) uses Deep Code Analysis (DCA) to provide exhaustive and continuous visibility into the DNA of your applications and software supply chain. By integrating throughout the development lifecycle, it builds a detailed inventory of application components, including open-source dependencies and APIs, enabling organizations to document and demonstrate secure development practices effectively.
2. Automated Risk Detection and Reporting
The requirement to submit secure development attestations to CISA demands efficient and reliable reporting. Apiiro’s AI-Powered Risk Detection automatically detects and evaluates material code and configuration changes across your development lifecycle. By focusing on high-impact changes, this feature streamlines reporting and ensures you can provide detailed, accurate attestations to CISA without unnecessary overhead. This functionality directly supports compliance with secure development mandates outlined in the Executive Order.
3. Improved Incident Response and Remediation
The Risk Graph™ feature within Apiiro’s ASPM platform contextualizes findings based on your business and application architecture—from code to runtime. This deep understanding allows for accurate prioritization and swift remediation of critical application risks.
4. AI-Augmented Risk Management
Apiiro’s Application Risk Prioritization & Remediation provides a contextual and risk-based approach to application security. By prioritizing critical vulnerabilities and offering targeted remediation guidance, it ensures that teams address the most impactful risks efficiently, aligning with the Executive Order’s call for innovation in cybersecurity.
Why this matters now
The stakes in cybersecurity have never been higher. High-profile supply chain attacks have exposed weaknesses in the development and delivery of software, making it clear that current practices are not enough. Executive Order 14144 represents a long-overdue push to hold providers accountable for secure practices while encouraging innovation to address emerging threats. Organizations that embrace this proactive approach will not only meet compliance standards but also gain a competitive edge in securing their software ecosystems.
Apiiro simplifies companies’ journeys towards meeting these new federal requirements. By integrating security throughout the software development lifecycle, Apiiro helps organizations adopt a proactive, comprehensive approach to ASPM that aligns with the urgency of today’s cybersecurity challenges.