The Cybersecurity and Infrastructure Security Agency has made available a facility where software producers working with the federal government can upload, along with relevant artifacts, forms indicating their compliance with secure development practices.
CISA said Monday that the Repository for Software Attestation and Artifacts is part of efforts to reduce the cybersecurity risks to which the federal government is exposed by promoting the use of securely-developed software.
According to CISA Executive Assistant Director for Cybersecurity Eric Goldstein, “The repository for software attestation and artifacts will enable a standardized process for agencies and software producers that provides transparency on the security of software development.”
The secure software development attestation form itself was released on March 11.
CISA said the use of the form reinforces secure-by-design principles, builds on Executive Order 14028 and furthers the National Cybersecurity Strategy.
