Quick Take: Executive Order on Improving the Nation’s Cybersecurity

Following a number of recent attacks that have had significant impact on critical systems, a new executive order on improving the nation’s cybersecurity has been released, covering many key areas that need to be addressed to protect critical digital infrastructure. This is one of the most detailed U.S. executive orders on cybersecurity, and we welcome this effort to improve the trustworthiness of the digital infrastructure. The challenges are many, and it is encouraging to see this order addressing the issues on many fronts.

This executive order will affect many organizations, both in the public and private sector, that work with the government. These typically include financial services, healthcare, the public sector, critical infrastructures, high tech, and education. 

While the order covers a number of key topics, implementing multi-factor authentication (MFA), deploying Zero Trust Architecture, and securing the software supply chain are of particular note.

MFA officially a front line of defense

The executive order recognizes the importance of MFA and how it greatly deters account compromise. All agencies shall adopt MFA within 180 days. Additionally, software vendors must establish MFA across the enterprise. Though the order doesn’t call out specific MFA standards, phishing-resistant, hardware-backed authentication methods, like FIDO security keys and smart cards, provide the level of security needed to address modern-day attacks.

Zero Trust Architecture

To modernize Federal government systems, agencies must develop a plan to implement a Zero Trust Architecture within 60 days. A Zero Trust security model eliminates implicit trust and is designed to allow only the minimal access needed to perform a function. Zero Trust design principles make a “no-trust” assumption that requires authentication as users cross network boundaries, particularly as organizations move to the cloud. The Zero Trust emphasis in the order demonstrates the high priority the government is placing on modernizing agencies’ infrastructure. Strong, modern authenticators, like the YubiKey, will be essential to reaching Zero Trust goals while providing a low-friction and secure user experience.

Software Supply Chain Security

The Federal Government relies heavily on software developed internally and from technology vendors. The order specifically calls out the lack of transparency and adequate controls to prevent tampering by malicious actors. Recent attacks have shown the importance of software chain of custody. The executive order develops guidelines that will improve the verification of the integrity of the software. A best practice is to ensure code and commits are cryptographically signed, which can be accomplished with a YubiKey.

Phishing attacks continue to evolve, and stolen or phished credentials can lead to account takeovers and ransomware attacks. The best way to prevent phishing is to embrace the implementation of strong MFA and Zero Trust Architectures, which is exactly what part of this executive order now mandates. Furthermore, cryptographically signed code and commits will be an important way to establish trust and achieve a high level of assurance.

The recently launched YubiKey 5 FIPS Series is certified at FIPS 140-2, Overall Level 1 and Level 2, and in addition, has achieved Physical Security Level 3; the YubiKey 5 FIPS series is able to meet the requirements for Authenticator Assurance Level 3 (AAL3) as defined in NIST SP800-63B. For more information on the new YubiKey 5 FIPS Series, please visit the Yubico website. The series is also available for purchase on the Yubico store, through Yubico’s dedicated sales team, or from any Yubico-approved channel partners and resellers.
