The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) recently published a draft version of a Secure Software Development Attestation Common Form. The draft Common Form is designed to confirm that software producers (i.e., the manufacturers/developers of software products) have followed minimum secure software development practices in compliance with guidance created by the National Institutes of Standards and Technology (NIST). Such affirmation was mandated by a White House Office of Management and Budget (OMB) memorandum issued September 14, 2022, as a prerequisite to acquisition of software by federal agencies. Interested parties have until June 26, 2023 to comment on the draft form.
Read the full blog post.