[CDP-development] CISA released proposed secure software self-attestation common form

Masse, Theresa theresa.masse at cisa.dhs.gov
Fri Apr 28 12:43:05 PDT 2023 

FYSA


Advancing progress toward a technology environment where all software products are safe and secure by design is a top priority for CISA, the broader U.S. government, and the global cybersecurity community. As a step on this journey, the U.S. Cybersecurity and Infrastructure Security Agency (CISA<https://cisa.gov/>) published a proposed Secure Software Self-Attestation Common Form<https://cisa.gov/secure-software-attestation-form> in the Federal Register<https://www.federalregister.gov/documents/2023/04/27/2023-08823/agency-information-collection-activities-request-for-comment-on-secure-software-development>.



Executive Order 14028 and the Office of Management and Budget's (OMB) M-22-18<https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf>, "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices," required development of a self-attestation form in which software producers serving the federal government will be required to confirm implementation of specific security practices.



CISA developed this draft form in close consultation with OMB and based upon practices established in the National Institute of Standards and Technology's Secure Software Development Framework (SSDF).  When final, the Secure Software Self-Attestation Common Form will provide federal agencies with minimum requirements to obtain a self-attestation from the software producer before using the software.
All interested parties are encouraged to review the form and submit input on any aspect of the form through the Federal Register<https://www.federalregister.gov/documents/2023/04/27/2023-08823/agency-information-collection-activities-request-for-comment-on-secure-software-development>. Comments will be received through June 26, 2023.


Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D979CE.EA25CCF0]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230428/1dc1fb63/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230428/1dc1fb63/attachment-0001.png>

More information about the CDP-development mailing list