Request for comment on secure software self-attestation common form

May 1, 2023
The release is part of a larger effort by the Biden administration to strengthen software security at the development stage

Advancing progress toward a technology environment where all software products are safe and secure by design is a top priority for CISA, the broader U.S. government, and the global cybersecurity community. As a step on this journey, Executive Order 14028 and the Office of Management and Budget’s (OMB) M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, required the development of a self-attestation form in which software producers serving the federal government will be required to confirm the implementation of specific security practices.

On April 27, CISA released a 60-day Request for Comment to solicit public feedback on a draft self-attestation form. CISA developed this draft form in close consultation with OMB and based upon practices established in the National Institute of Standards and Technology’s Secure Software Development Framework (SSDF). CISA encourages all interested parties to: