Inside Cybersecurity

February 16, 2025

Daily News

General Services Administration issues guidance for FedRAMP participants to comply with CISA software self-attestation requirements

By Sara Friedman / July 2, 2024

The General Services Administration is providing guidance to cloud services providers under its FedRAMP program on fulfilling secure software development attestation requirements based on a common form developed by CISA and the Office of Management and Budget.

The common form, released on March 11, is derived from the NIST Secure Software Development Framework, which was updated as part of NIST’s work to carry out the 2021 cyber executive order. While the common form is based on self-attestation, it also...

