Yesterday we continued our series (see here and here) with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software development guidance issued by NIST. The new requirements will apply to any third-party software that is used on government information systems or that otherwise “affects” government information. You can read our post about the guidance here.
The FAR Council is now drafting a proposed FAR rule addressing Supply Chain Software Security to integrate these requirements into federal contracts.
Putting it Into Practice – What to expect in 2023: OMB’s guidance provided a timeline for agency adoption of these requirements and for when requirements will be communicated to software producers. We expect agencies will begin communicating requirements in early 2023 and begin collecting attestation letters for critical software this summer. Software producers should evaluate their software against the NIST guidance. For federal contractors and software resellers, the impact and scope of these requirements remain unclear, but we anticipate further guidance in 2023.