The Information Technology Industry Council has called on the Office of Management and Budget to create a standardized rulemaking process for the implementation of secure software development requirements across the federal government.
The letter, which is addressed to OMB Director Shalanda Young, includes recommendations to support the government’s progress in achieving these milestones, the council disclosed on Monday.
Gordon Bitko, executive vice president of policy for public sector at ITI, expressed concern about potential variation in how the government moves forward on secure software development, which can cause ambiguity and slow the attainment of federal software security goals.
“Software producers face significant barriers, including ambiguous terminology, confusing timelines, and the potential for regulatory fragmentation,” Bitko said.
In the letter, ITI refers to an OMB memo released in September that aims to require agencies to obtain a self-attestation from software developers before using their products, a requirement the letter states is currently not mandated under any FAR clause. According to ITI, this may lead to unnecessary agency investments in developing tailored requirements that may not meet the updated standards of a new clause.
To address these concerns, ITI urged the OMB to ensure that federal agencies use one standardized form when requesting self-attestation from software companies, with that form including the option to request addendums for mission-specific requirements.