OMB issues guidance clarifying scope of software self-attestation requirements, policy for addressing gaps

The Office of Management and Budget has issued a memorandum refining upcoming requirements for federal contractors that will self-attest the security of their software, extending the deadline for compliance and adding policy conditions for addressing gaps in attestation.

The memo is an update to a September 2022 OMB memorandum on securing the software supply chain by making improvements to development practices. That memo directed CISA and OMB to create a common self-attestation form for procurement purposes via which...