CISA aims to make executives sign off on security of software sold to government

The Cybersecurity and Infrastructure Security Agency is attempting to make cybersecurity a high-level issue for companies by only allowing top executives to sign off on a new secure software attestation form that will be used across the federal government.

CISA released the second draft of the “secure software development attestation form” this week after releasing an initial version of the form in April. The form is a key component in a government-wide push to ensure agencies use securely developed software. The attestation form’s requirements are based on the National Institute of Standards and Technology’s Secure Software Development Framework (SSDF).

The latest version of the form is now open for comment to CISA and the White House Office of Management and Budget through Dec. 18. Once the form is finalized, OMB will require agencies to start using the form within three months for all “critical software” and six months for most other third-party software.

After receiving more than 100 public comments, CISA made limited changes to the form.

One key…
