When President Biden signed Executive Order 14028 on Improving the Nation's Cybersecurity on May 12, 2021, it marked a crucial first step in modernizing our approach to digital security for the US government and large enterprises. Now, Executive Order 14144 on Strengthening and Promoting Innovation in the Nation’s Cybersecurity takes those foundational elements and significantly expands them, particularly in the critical area of identity, which must necessarily account for Non-Human Identity (NHI) governance and secrets security.

This evolution couldn't come at a more crucial time - machine identities now outnumber human users by more than 100 to 1 in many organizations, creating an attack surface that EO 14028 only began to address.

From 2021 to 2025: A Leap Forward in Security

EO 14028 revolutionized federal cybersecurity by mandating zero trust architecture, requiring SBOMs, and establishing baseline security standards. However, its broad scope meant that crucial aspects of machine identity management remained largely undefined and unaddressed. EO 14144 builds on this foundation with a sharp focus on previously overlooked areas. 

Where EO 14028 introduced concepts like software supply chain security, the new mandate provides a framework for managing the identities that power these supply chains. This shift from general cybersecurity improvements to outlining more actionable requirements represents a crucial evolution in the US national security strategy around identity and secrets management. 

Before we dive into the specifics, let's acknowledge a hard truth: most organizations still struggle with basic NHI governance. According to recent studies, over 50% of enterprise tech spending goes to shadow IT, making it nearly impossible to track and manage all your machine identities effectively. This is precisely where GitGuardian's NHI Security platform becomes essential, providing comprehensive discovery and management capabilities that extend far beyond traditional secret scanning, which so many people have come to know and rely on us for.

Centralized NHI Governance: From Chaos to Control

The order's requirement that agencies establish contract language requiring software providers to submit to CISA's Repository for Software Attestation and Artifacts (RSAA) marks a crucial shift. GitGuardian's Secret Analyzer tool can directly help with this challenge by providing deep insight into your machine identity ecosystem. Our platform doesn't just find secrets – it maps the relationships between your NHIs, understanding how they interact with your systems and with each other.

This contextual awareness means you can quickly identify which services are actually using discovered credentials, making it much easier to validate and attest to their proper usage.

Secrets Security: From Vulnerability to Victory

The order's emphasis on improved secrets management aligns perfectly with GitGuardian's core strengths. Our advanced detection engine can identify over 450 different types of secrets, from Adobe API keys to Zoom SDK credentials, with the industry's lowest false-positive rate. When we find a secret, the platform doesn't just alert you – it provides crucial context about how that secret is being used, who owns it, and what systems it potentially impacts. This intelligence is vital for meeting the new FedRAMP requirements around key management and rotation laid out in the executive order.

Our vault integration capabilities take this a step further, allowing you to audit all your secrets, not just those exposed in code. By connecting with your existing secrets management solutions like CyberArk's Conjur, Vault by HashiCorp, or AWS Secrets Manager, GitGuardian provides a comprehensive view of your entire secrets ecosystem, making it easier to enforce risk management policies.

Zero Trust for NHIs: Making It Real

The order's Zero Trust requirements become much more manageable with GitGuardian's advanced monitoring capabilities. The platform's continuous monitoring system tracks how your NHIs are being used across your environment, providing detailed insights into permission levels and access patterns. The goal is to help you identify overprivileged service accounts that could violate Zero Trust principles. Our platform provides the context needed for swift investigations and remediation when an incident occurs.

Supply Chain Security: Evolution from EO 14028

EO 14028 broke new ground by requiring Software Bills of Materials (SBOMs) and establishing baseline security standards for the software supply chain. However, its approach to machine identities within that chain remained largely implicit. EO 14144 dramatically expands these requirements, moving from simply documenting components to actively managing and securing the identities that connect them.

This evolution is particularly evident in three key areas:

  1. Where EO 14028 called for general SBOM requirements, EO 14144 requires explicit documentation of every NHI within the software supply chain.
  2. The previous order's agency-specific implementations are replaced by RSAA's centralized validation approach, creating what can be seen as a unified framework for NHI governance.
  3. EO 14144 adds teeth to these requirements through mandatory attestation and continuous monitoring - elements that were only suggested in EO 14028.

GitGuardian's scanning capabilities have evolved in parallel with these regulatory changes. Our platform now extends well beyond the basic SBOM requirements of EO 14028, providing deep visibility into the machine identities that populate your software supply chain. Scanning covers your own repositories and analyzes which third-party integrations are leveraged throughout your applications.

The platform can detect when a third-party service has more access than necessary, helping you enforce the principle of least privilege across your entire supply chain. More types of secrets are continually being added to our list. The Secret Analyzer's ability to understand the context of discovered secrets means you can quickly identify which third-party services are accessing what data, enabling more effective risk management.

Practical Implementation with GitGuardian

The journey to compliance starts with GitGuardian's comprehensive discovery process. The GitGuardian platform can perform deep scans across your entire environment, from Git repositories to cloud services such as Jira and Slack, identifying all NHIs and their associated secrets. The Secret Analyzer then provides detailed context about each discovery, helping you understand the risk level and appropriate remediation steps.

The platform integrates seamlessly with your CI/CD pipeline, blocking commits that contain exposed secrets and ensuring new machine identities adhere to your governance policies. Our real-time monitoring continues to track these identities throughout their lifecycle, alerting you to any deviation from established security practices.

The Path Forward: Beyond EO 14028's Foundation

The journey from EO 14028 to EO 14144 reflects our industry's growing understanding of security challenges. EO 14028's emphasis on zero trust architecture and supply chain security created a crucial foundation, but its treatment of machine identities remained relatively surface-level. EO 14144 addresses this gap head-on, transforming general cybersecurity principles into specific, actionable requirements for identity governance and cryptographic key security.

Consider how the requirements have evolved: where EO 14028 called for "maintaining and testing incident response plans," EO 14144 specifically requires automated detection and response capabilities, including for compromised machine identities.

The 2025 Executive Order isn't just another compliance requirement - it's a recognition that comprehensive identity governance must be a top priority. GitGuardian's platform provides the comprehensive tooling needed to meet these new requirements while strengthening your overall security posture. From our industry-leading secret detection to our evolving NHI governance capabilities, we offer the technology and expertise needed to secure your machine identities effectively.

Let's work together to secure your NHIs

Whether you're just starting your NHI governance journey or looking to enhance your existing security practices, GitGuardian provides the tools and expertise you need to succeed. Our platform's comprehensive approach ensures you're not just meeting compliance requirements but building a robust security foundation for the future. We would love to help you on your path