Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF MAY 18, 2023 SAM #7842
SPECIAL NOTICE

99 -- Notice regarding Memorandum M-22-18 "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices"

Notice Date
5/16/2023 8:58:28 AM
 
Notice Type
Special Notice
 
Contracting Office
SOCIAL SECURITY ADMINISTRATION US
 
ZIP Code
00000
 
Archive Date
10/31/2023
 
Point of Contact
Traci Leach-Walker
 
E-Mail Address
traci.leach-walker@ssa.gov
 
Description
On May 12, 2021, President Biden signed Executive Order (EO) 14028 "Improving the Nation's Cybersecurity." This EO outlines over 55 actions, including the following key points:

- Remove barriers to cyber threat information sharing between government and the private sector
- Modernize and implement more robust cybersecurity standards in the Federal Government
- Improve software supply chain security
- Establish a Cybersecurity Safety Review Board
- Create a standard playbook for responding to cyber incidents
- Improve detection of cybersecurity incidents on Federal Government networks
- Improve investigative and remediation capabilities

Section 4, "Enhancing Software Supply Chain Security" of the EO states, "[t]he development of commercial software often lacks transparency, sufficient focus on the stability of the software to resist attack, and adequate controls to prevent tampering by malicious actors." To address these concerns, the EO required the National Institute of Standards and Technology (NIST) to issue guidance including standards, procedures, or criteria to strengthen the security of the software supply chain.

To implement the EO, the Office of Management and Budget (OMB) issued Memorandum M-22-18 "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices." OMB's memorandum requires agencies to only use software provided by software producers who can attest to complying with Federal Government-specified secure software development practices, as described in NIST Special Publication (SP) 800-218 Secure Software Development Framework. Specifically, OMB's memorandum requires agencies to "obtain a self-attestation from the software producer before using the software." This requirement applies to new software developed after the date of memo issuance (September 14, 2022) as well as existing software that is modified by major version changes after the date of memo issuance.
The purpose of this Special Notice is to alert software contractors to the upcoming software attestation requirements. Contractors are further instructed to read and understand Executive Order (EO) 14028, Improving the Nation's Cybersecurity (issued May 12, 2021), which requires agencies to enhance cybersecurity and software supply chain integrity; OMB's Memorandum M-22-18, which instructs Federal agencies to comply with the NIST Guidance when using third-party software on the agency's information systems or otherwise affecting the agency's information; all applicable NIST standards; and the draft Secure Software Development Attestation Form.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/c29ac228ea1d4b02902681c7dc5bb595/view)
 
Record
SN06683611-F 20230518/230517212020 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.