{"id":59454,"date":"2021-08-05T12:23:13","date_gmt":"2021-08-05T19:23:13","guid":{"rendered":""},"modified":"2025-04-23T10:41:57","modified_gmt":"2025-04-23T17:41:57","slug":"eo-strategies-for-securing-critical-software-classifying-agency-data","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/","title":{"rendered":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data"},"content":{"rendered":"<p><img decoding=\"async\" class=\"col-xs-12 col-sm-6\" style=\"float: right;padding-left: 0px!important;padding-right: 0px!important;margin-bottom: 15px;margin-left: 15px\" src=\"https:\/\/www.microsoft.com\/en-us\/industry\/blog\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\" alt=\"Cropped shot of a young computer programmer looking through data.\" width=\"100%\" \/>So far in our ongoing series on the Biden Administration\u2019s Cybersecurity Executive Order (EO) to bolster the U.S. Government\u2019s resilience against cyberattacks we\u2019ve taken a look at <a href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/government\/2021\/06\/17\/the-cybersecurity-executive-order-whats-next-for-federal-agencies\/\" target=\"_blank\" rel=\"noopener\">what\u2019s next for federal agencies<\/a> and then <a href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/government\/2021\/06\/24\/mapping-the-cybersecurity-executive-order-milestones\/\" target=\"_blank\" rel=\"noopener\">mapped out major milestones<\/a>. Two of those milestones are on August 10, 2021, focused on critical software and classifying agency data guidance. Today, we cover the connection between the two, and ways agencies can address both head-on as part of a holistic cyber modernization strategy.<\/p>\n<h3>Improving the security of critical software<\/h3>\n<p>To enhance the security of the software supply chain, NIST recently published its <a href=\"https:\/\/www.nist.gov\/itl\/executive-order-improving-nations-cybersecurity\/critical-software-definition\" target=\"_blank\" rel=\"noopener\">definition of \u201ccritical software<\/a>,\u201d followed by <a href=\"https:\/\/www.nist.gov\/itl\/executive-order-improving-nations-cybersecurity\/security-measures-eo-critical-software-use-2\" target=\"_blank\" rel=\"noopener\">guidance outlining security measures for critical software<\/a> in accordance with the EO Section 4 timeline. We recognize the importance of prioritizing risk management efforts and ensuring that security measures are applied to critical software. Notably, within the security measures, the importance of MFA and encryption is underlined along with other Zero Trust best practices such as verifying identity explicitly, using least privileged access, and assuming breach. The security measures also align with other <a href=\"https:\/\/www.cisa.gov\/BadPractices\" target=\"_blank\" rel=\"noopener\">recent federal guidance<\/a> that highlights the importance of using supported software and deploying patches.<\/p>\n<p>The NIST guidance marks a significant step forward in equipping agencies with an approach for better assessing and managing technology-based assets and potential impacts so security and resiliency resources can better align to risk priorities. As we approach the next major August 10 milestone to comply with NIST, CISA, and OMB guidance around applying practices of least privilege, network segmentation, and proper configuration, we recommend agencies fine-tune existing security measures for critical software by:<\/p>\n<ul>\n<li>Identifying risks and managing governance processes;<\/li>\n<li>Protecting data and functions associated with critical software, including through identity and access management, proper configuration management, and software maintenance;<\/li>\n<li>Detecting anomalies and potential issues; and<\/li>\n<li>Ensuring the readiness of appropriate response and recoverability capabilities.<\/li>\n<\/ul>\n<p>Welcome news for agencies is that they are likely already well prepared to address critical software risks by simply activating the tools and capabilities they have deployed as part of their EO and modernization journey to date. Utilizing posture management tools, like <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-secure-score\" target=\"_blank\" rel=\"noopener\">Microsoft Secure Score<\/a> to continually measure and audit agencies\u2019 operational security posture, and <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\">Compliance Manager<\/a> to simplify the compliance journey and reduce risk, can ensure greater visibility into risk management gaps and help better align agency security resources.<\/p>\n<p>Along with real-time analytics, adopting a <a href=\"https:\/\/www.nist.gov\/publications\/zero-trust-architecture\" target=\"_blank\" rel=\"noopener\">Zero Trust architecture<\/a> can also help further holistic efforts to protect, detect, respond, recover, and manage the risks associated with deploying critical software. Agencies can reference Microsoft\u2019s <a href=\"https:\/\/aka.ms\/FederalZeroTrustPlan\" target=\"_blank\" rel=\"noopener\">Zero Trust rapid modernization plan<\/a> and Zero Trust Scenario Architectures[1], which have been developed based on decades of experience collaborating with federal agencies. Additionally, Microsoft is working with NIST\u2019s National Cybersecurity Center of Excellence (NCCoE) on the <a href=\"https:\/\/www.nccoe.nist.gov\/news\/nccoe-announces-technology-collaborators-demonstrate-zero-trust-architectures\" target=\"_blank\" rel=\"noopener\">Implementing a Zero Trust Architecture Project<\/a> to develop practical, interoperable approaches to designing and building zero trust architectures that align with the tenets and principles documented in NIST SP 800-207, Zero Trust Architecture [2].<\/p>\n<p>Addressing software security is not new to us; Microsoft has long invested in developing best practices for<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/11\/guarding-against-supply-chain-attacks-part-3-how-software-becomes-compromised\/\" target=\"_blank\" rel=\"noopener\"> secure software development<\/a>, source code testing [3], and<a href=\"https:\/\/www.microsoft.com\/en-us\/cybersecurity\/content-hub\/minimizing-cybersecurity-risk-through-coordinated-vulnerability-disclosure\" target=\"_blank\" rel=\"noopener\"> vulnerability disclosure and management programs<\/a>. We will continue to collaborate with government and industry to provide configuration tools and guidance around EO-critical software, as well as share lessons learned and implementation strategies to help accelerate and drive successful cybersecurity deployments into the future.<\/p>\n<h3>Evaluating and classifying agency data<\/h3>\n<p>The first milestone on improving the security of critical software goes hand-in-hand with the second August 10, 2021 milestone, which calls for evaluating and classifying agency data, and providing a report of their evaluation to DHS and OMB. If approached together, work toward this milestone will simultaneously help agencies satisfy the data inventory requirements for critical software as outlined in security measure (SM 2.1), which requires agencies to understand the data inventory of their EO-critical software [4].<\/p>\n<p>Aligning the two milestone efforts is the broader recognition that agency data may have different sensitivity levels and not all data needs the same level of protection. Understanding <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/information-protection?view=o365-worldwide#know-your-data\" target=\"_blank\" rel=\"noopener\">sensitive data exposure<\/a> will help agencies better define policies for security and compliance requirements, automatically inspect documents and emails across locations, and detect common controlled unclassified information (CUI) data types such as financial, healthcare, personally identifiable information (PII), or others.<\/p>\n<p>The EO\u2019s focus on the discovery phase of the information protection lifecycle will allow agencies to both address critical software needs and better evaluate and classify data no matter where it is stored or who it is shared with. To meet this joint milestone, agencies should focus on creating unified labels for broad categories of sensitive content types such as PII. Using tools like <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/data-classification-activity-explorer?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\">Activity Explorer<\/a>, agencies can identify the locations and quantities of sensitive data. <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/cloud-app-security\" target=\"_blank\" rel=\"noopener\">Microsoft Cloud App Security<\/a> can also provide sensitive data flow information via in-session inbound and outbound file labeling.<\/p>\n<p>Microsoft also works in close partnership with agencies to avoid common data loss prevention pitfalls, like overprotecting data. Users who experience friction from untuned classification labels or sizable changes in their productivity workflows are more likely to try and work with sensitive data outside of the governed systems and services. Agencies can avoid this risk by implementing tools like <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/information-protection?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\">Microsoft Information Protection<\/a>, which allows agencies to balance security and control with end user-friendly policies. Beyond technology, Microsoft Consulting Services can help agencies optimize their information protection deployment strategies and navigate labeling and compliance requirements.<\/p>\n<h3>Sustaining the momentum through shared responsibility<\/h3>\n<p>The EO achievements to date show what can be realized when government and industry come together and invest in securing our nation\u2019s cybersecurity and technology ecosystem. The August 10 milestones and other related work already underway, help establish a consistent and high baseline for the security of both technology products and agency operations and is critical for dealing with the new realities of federal work.<\/p>\n<p>We encourage you to visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/federal\/CyberEO.aspx\" target=\"_blank\" rel=\"noopener\">Cyber EO resource center<\/a> and stay tuned to this blog for additional insights as we chart the course for the next major September EDR milestone, which asks for federal civilian agencies to adopt government-wide EDR approaches based on OMB requirements.<br \/><br \/><\/p>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p><br>[1] &#8211; <strong>Microsoft.<\/strong> (2021). <em>Executive order on improving the nation\u2019s cybersecurity: Reference architectures for common Zero Trust scenarios<\/em>. Microsoft Security. https:\/\/github.com\/microsoft\/MSUS-Security-Research\/raw\/cyber-eo\/Federal%20Zero%20Trust%20Planning.pdf<br><br>[2] &#8211; Rose, S., Borchert, O., Mitchell, S., &amp; Connelly, S. (2020). Zero trust architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-207.pdf<br><br>[3] &#8211; <strong>Microsoft Corporation.<\/strong> (2021). <em>Executive Order \u2013 NIST workshop position paper #4: Testing software source code<\/em>. https:\/\/www.nist.gov\/system\/files\/documents\/noindex\/2021\/06\/08\/Microsoft%20-%20Executive%20Order%20-%20NIST%20workshop%20position%20paper%204-%20Testing%20sofware%20source%20code%20Microsoft%20Corporation.pdf<\/p>\n\n\n\n<p>[4] &#8211; <strong>National Institute of Standards and Technology.<\/strong> (2021, July 9). <em>Security measures for \u201cEO-critical software\u201d use under Executive Order (EO) 14028<\/em>. U.S. Department of Commerce. https:\/\/www.nist.gov\/system\/files\/documents\/2021\/07\/09\/Critical%20Software%20Use%20Security%20Measures%20Guidance.pdf<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So far in our ongoing series on the Biden Administration\u2019s Cybersecurity Executive Order (EO) to bolster the U.S. Government\u2019s resilience against cyberattacks we\u2019ve taken a look at what\u2019s next for federal agencies and then mapped out major milestones.<\/p>\n","protected":false},"author":0,"featured_media":59481,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"categories":[1542],"post_tag":[75,76,1674,1617],"content-type":[261],"coauthors":[1031],"class_list":["post-59454","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybersecurity","tag-data-governance","tag-government","tag-zero-trust","content-type-best-practices"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs\" \/>\n<meta property=\"og:description\" content=\"So far in our ongoing series on the Biden Administration\u2019s Cybersecurity Executive Order (EO) to bolster the U.S. Government\u2019s resilience against cyberattacks we\u2019ve taken a look at what\u2019s next for federal agencies and then mapped out major milestones.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft in Business Blogs\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-05T19:23:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-23T17:41:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 min read\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Steve Faehl\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/author\/steve-faehl\/\",\"@type\":\"Person\",\"@name\":\"Steve Faehl\"}],\"headline\":\"EO Strategies for Securing Critical Software &amp; Classifying Agency Data\",\"datePublished\":\"2021-08-05T19:23:13+00:00\",\"dateModified\":\"2025-04-23T17:41:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\"},\"wordCount\":1160,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\",\"keywords\":[\"Cybersecurity\",\"Data Governance\",\"Government\",\"Zero Trust\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\",\"name\":\"EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\",\"datePublished\":\"2021-08-05T19:23:13+00:00\",\"dateModified\":\"2025-04-23T17:41:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg\",\"width\":2560,\"height\":1200,\"caption\":\"Cropped shot of a young computer programmer looking through data\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"EO Strategies for Securing Critical Software &amp; Classifying Agency Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/\",\"name\":\"Microsoft in Business Blogs\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization\",\"name\":\"Microsoft in Business Blogs\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2018\/07\/R6wl9gWl_400x400.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2018\/07\/R6wl9gWl_400x400.jpg\",\"width\":400,\"height\":400,\"caption\":\"Microsoft in Business Blogs\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/","og_locale":"en_US","og_type":"article","og_title":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs","og_description":"So far in our ongoing series on the Biden Administration\u2019s Cybersecurity Executive Order (EO) to bolster the U.S. Government\u2019s resilience against cyberattacks we\u2019ve taken a look at what\u2019s next for federal agencies and then mapped out major milestones.","og_url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/","og_site_name":"Microsoft in Business Blogs","article_published_time":"2021-08-05T19:23:13+00:00","article_modified_time":"2025-04-23T17:41:57+00:00","og_image":[{"width":2560,"height":1200,"url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 min read","Written by":"Steve Faehl"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/author\/steve-faehl\/","@type":"Person","@name":"Steve Faehl"}],"headline":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data","datePublished":"2021-08-05T19:23:13+00:00","dateModified":"2025-04-23T17:41:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/"},"wordCount":1160,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg","keywords":["Cybersecurity","Data Governance","Government","Zero Trust"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/","url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/","name":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data - Microsoft in Business Blogs","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg","datePublished":"2021-08-05T19:23:13+00:00","dateModified":"2025-04-23T17:41:57+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2021\/08\/GettyImages-834500976-scaled.jpg","width":2560,"height":1200,"caption":"Cropped shot of a young computer programmer looking through data"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/08\/05\/eo-strategies-for-securing-critical-software-classifying-agency-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/"},{"@type":"ListItem","position":2,"name":"EO Strategies for Securing Critical Software &amp; Classifying Agency Data"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#website","url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/","name":"Microsoft in Business Blogs","description":"","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#organization","name":"Microsoft in Business Blogs","url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2018\/07\/R6wl9gWl_400x400.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-content\/uploads\/sites\/28\/2018\/07\/R6wl9gWl_400x400.jpg","width":400,"height":400,"caption":"Microsoft in Business Blogs"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/#\/schema\/logo\/image\/"}}]}},"msxcm_animated_featured_image":null,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/posts\/59454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/comments?post=59454"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/posts\/59454\/revisions"}],"predecessor-version":[{"id":69707,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/posts\/59454\/revisions\/69707"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/media\/59481"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/media?parent=59454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/categories?post=59454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/post_tag?post=59454"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/content-type?post=59454"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/wp-json\/wp\/v2\/coauthors?post=59454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}