<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
        {mso-style-name:x_msonormal;
        margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.xcontentpasted0
        {mso-style-name:x_contentpasted0;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="xmsonormal" style="background:white"><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Advancing progress toward a technology environment where all software products are safe and
 secure by design is a top priority for CISA, the broader U.S. government, and the global cybersecurity community. As a step on this journey, the U.S. Cybersecurity and Infrastructure Security Agency (</span></span><span style="font-size:12.0pt;color:black"><a href="https://cisa.gov/"><span style="font-family:"Franklin Gothic Book",sans-serif">CISA</span></a></span><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">)
 published a proposed </span></span><span style="font-size:12.0pt;color:black"><a href="https://cisa.gov/secure-software-attestation-form"><span style="font-family:"Franklin Gothic Book",sans-serif">Secure Software Self-Attestation Common Form</span></a></span><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"> in
 the </span></span><span style="font-size:12.0pt;color:black"><a href="https://www.federalregister.gov/documents/2023/04/27/2023-08823/agency-information-collection-activities-request-for-comment-on-secure-software-development"><span style="font-family:"Franklin Gothic Book",sans-serif">Federal
 Register</span></a></span><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">.  <o:p></o:p></span></span></p>
<p class="xmsonormal" style="background:white"><o:p> </o:p></p>
<p class="xmsonormal" style="background:white"><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Executive Order 14028 and the Office of Management and Budget’s (OMB) </span></span><span style="font-size:12.0pt;color:black"><a href="https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf"><span style="font-family:"Franklin Gothic Book",sans-serif">M-22-18</span></a></span><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">,
 “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” required development of a self-attestation form in which software producers serving the federal government will be required to confirm implementation of specific
 security practices.  <o:p></o:p></span></span></p>
<p class="xmsonormal" style="background:white"><o:p> </o:p></p>
<p class="xmsonormal" style="background:white"><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">CISA developed this draft form in close consultation with OMB and based upon practices established
 in the National Institute of Standards and Technology’s Secure Software Development Framework (SSDF).  When final, the Secure Software Self-Attestation Common Form will provide federal agencies with minimum requirements to obtain a self-attestation from the
 software producer before using the software.  </span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white">All interested parties are encouraged to review the form and submit input on any aspect of the form
 through the </span></span><span style="font-size:12.0pt;color:black;background:white"><a href="https://www.federalregister.gov/documents/2023/04/27/2023-08823/agency-information-collection-activities-request-for-comment-on-secure-software-development"><span style="font-family:"Franklin Gothic Book",sans-serif">Federal
 Register</span></a></span><span class="xcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black;background:white">. Comments will be received through June 26, 2023.</span></span>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D979CE.EA25CCF0"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>