The Cybersecurity and Infrastructure Security Agency is seeking public feedback on requiring government agencies to obtain self-attestation forms from developers of new software to be installed within their organization.
The proposed requirement is part of the Office of Management and Budget’s guidance to improve the security of U.S. software supply chains, CISA said in a notice published Thursday on Federal Register.
The Department of Homeland Security proposed the self-attestation form in response to the OMB guidance, which mandates that federal agencies only purchase from software producers that can prove compliance with the secure software development framework established by the National Institute of Standards and Technology.
DHS, through CISA, is inviting comments on how to reduce the financial and time burdens expected from filling out self-attestation forms. The agency is welcoming suggestions on automation and other technological techniques to make annual electronic submissions of the pdf forms easier.
Respondents have until June 26 to submit their input to CISA.
On June 8, the Potomac Officers Club will host its annual Cyber Summit, a venue for government, military and industry experts to pool their insights on cyber’s impact on the public sector. This exciting event is now open for registration.
