Federal contracting group raises questions over CISA’s approach to software self-attestation for third party suppliers

The Professional Services Council is raising concerns over how CISA and OMB will address the role of third party suppliers as part of their approach to requiring software producers to self-attest their compliance with the NIST Secure Software Development Framework using a common form.

CISA sought feedback in April on a draft common form for self-attesting compliance as part of the agency’s work to fulfill a requirement from the 2021 cyber executive order. The public comment period concluded on...