Hello, Guest!
  • Tuesday, November 12, 2024

OMB Seeks Comments to Inform Implementation of NIST’s Secure Software Development Guidance

The Office of Management and Budget is soliciting feedback through a set of questions to inform the implementation of the National Institute of Standards and Technology’s guidance detailing best practices to improve the security of the software supply chain in accordance with a cybersecurity executive order signed in May 2021.

On Feb. 4, NIST released the Secure Software Development Framework and Software Supply Chain Security Guidance to ensure the security of software being purchased by federal agencies, OMB said Monday.

The executive order directs OMB to require agencies to implement the SSDF and related guidance. However, OMB will seek comments from the private sector on how to implement the guidance before directing agencies to require vendors to attest to compliance with secure software development practices.

OMB is asking stakeholders to describe the ideal process for agencies to secure and retain attestation documents for software being purchased and provide examples of systems, procedures and tools for assessing compliance that should be considered for applicability to the SSDF, among others.

Responses to the questions are due March 18.

NIST will hold a virtual workshop on March 23 to help OMB gain insights from stakeholders to inform the development of implementation guidance for the procurement of secure software by federal agencies.

Video of the Day

Related Articles

OMB Seeks Public Input on Draft FedRAMP Guidance; Clare Martorana Quoted News

OMB Seeks Public Input on Draft FedRAMP Guidance; Clare Martorana Quoted

The Office of Management and Budget has begun soliciting feedback on draft guidance meant to modernize and strengthen the Federal Risk and Authorization Management Program. The draft memorandum seeks to define the scope of cloud offerings subject to FedRAMP, foster a consistent and transparent process for conducting security assessment and authorization of cloud services by

White House Unveils Multiagency R&D Priorities for FY 2025 Budget News

White House Unveils Multiagency R&D Priorities for FY 2025 Budget

The White House Office of Science and Technology Policy and the Office of Management and Budget have issued a memorandum outlining the current administration’s research and development priorities to guide federal agencies as they formulate their budget submissions for fiscal year 2025. One of the multiagency R&D priorities is advancing trustworthy artificial intelligence systems that

White House Outlines Roadmap to Realize National Cybersecurity Vision Cybersecurity

White House Outlines Roadmap to Realize National Cybersecurity Vision

The Biden administration has released its first iteration of a multi-year plan to implement the U.S. federal government’s new national strategy to defend cyberspace. The implementation plan outlines more than 65 high-impact initiatives assigned to specific federal agencies and aligned with the five pillars and 27 strategic objectives of the National Cybersecurity Strategy released in