Cyber

OMB to hold listening session with industry on software security self-attestation

National Security Council official Steve Kelly says the White House is targeting a January launch for new self-attestation requirements.

By John Hewitt Jones

December 14, 2022

Steve Kelly speaks at the 2022 Security Transformation Summit. (FedScoop)

The Office of Management and Budget will shortly take feedback from industry on some of the language it plans to use in new cybersecurity self-attestation requirements for software vendors, according to a senior official.

Speaking at the Fortinet Federal Security Transformation Summit hosted by FedScoop, Senior Director for Cybersecurity and Emerging Technology on the National Security Council Steve Kelly said the White House is focused on working collaboratively with software providers as it introduces the new standards.

He said: “OMB is working closely with agencies to ensure a consistent approach to implementation, and [we] plan to soon host a listening session with software makers and other interested parties to continue to take their feedback on some of the language.”

Kelly added that OMB is in the process of completing details of minimum cybersecurity requirements for vendors and that these will likely be published around January next year.

It comes after the White House in September issued a memo requiring federal agencies to obtain self-attestation from software providers before deploying their software on government systems.

According to OMB’s September memo, federal departments must ensure that all third-party IT software deployed adheres to National Institute of Standards and Technology supply chain security requirements and get proof of conformance from vendors.

Kelly stressed also that OMB wants to work closely with industry to ensure that the process for adopting the new standards runs smoothly.

He said: “For software makers unable to attest to one or more of the required security practices, they can submit a plan of action and let us know how they are working to meet the requirements.”

OMB to hold listening session with industry on software security self-attestation

More Like This

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

CISA emergency directive tells agencies to fix credentials after Microsoft breach

Congress presses VA on modernization overhaul, supply chain system upgrade

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

ICE pursuing privacy approvals related to controversial phone location data

More Scoops

State Department trims several uses from public AI inventory

AI talent role, releasing code, deadline extension among additions in OMB memo

CISA, OMB release secure software development attestation form

On some basic metadata practices, US government gets an ‘F,’ per new online tracker

OMB memo outlines digital accessibility expectations for federal agencies

OMB extends comment period for new FedRAMP guidance

Software license negotiation, leveraging data among elements of new Biden contracting strategy

Latest Podcasts

OMB to hold listening session with industry on software security self-attestation

Google’s Chris Hein on how AI is changing how citizens relate to government

OPM’s tech-friendly director steps down

World Bank’s Partha Perumbali and Aretec’s Waqas Haq on AI-powered search

Tech

Defense

Cyber

Acquisition