SPECIAL NOTICE
99 -- Notice regarding Executive Order 14028, Improving the Nation's Cybersecurity
- Notice Date
- 3/7/2023 1:02:00 PM
- Notice Type
- Special Notice
- Contracting Office
- VETERANS AFFAIRS, DEPARTMENT OF
- ZIP Code
- 00000
- Archive Date
- 03/09/2024
- Description
- This notification is being provided to alert software contractors (including producers and resellers) to read and understand Executive Order (EO) 14028, Improving the Nation's Cybersecurity (issued May 12, 2021) requiring agencies to enhance cybersecurity and software supply chain integrity. Further, as defined in the Software Security Guidance Under Executive Order (EO) 14028 Section 4e, these requirements apply to all software acquired and/or used by VA, which includes firmware, operating systems, applications, and application services (e.g., cloud-based software, as well as products containing software). On September 14, 2022, Office of Management and Budget (OMB) released Memorandum M-22-18 to instruct Federal agencies to comply with the NIST Guidance when using third-party software on the agency�s information systems or otherwise affecting the agency�s information. This includes new software purchases, software renewals and major version changes for software developed or modified after the issuance date of M-22-18.� The FAR Council has opened a proposed rule, FAR Case 2023-002, to implement section 4(n) of EO 14028. This rule will also focus on the requirements outlined in OMB M-22-18. VA intends to implement collection of the attestation letters in accordance with the OMB memorandum and once the rule is finalized; relevant VA acquisition policy may be updated to further implement the FAR rule. At this time, evidence of documentation is not required to be provided to VA until such time that notification is provided to vendors.� OMB Memorandum M-22-18�Enhancing the Security of the Software Supply Chain through Secure Software Development Practices Federal Register�- EO 14028 Improving the Nation's Cybersecurity OMB Memorandum M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles National Security Memorandum/NSM-8�on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems OMB Memorandum M-22-05,�Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements OMB Memorandum M-22-01, Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response OMB Memorandum M-21-31�Improving the Federal Government%u2019s Investigative and Remediation Capabilities Related to Cybersecurity Incident OMB Memorandum M-21-30�Protecting Critical Software Through Enhanced Security Measures
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/fa27069e65dc4350b79d37b129ed9431/view)
- Record
- SN06610446-F 20230309/230307230110 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |