OMB official: Software self-attestation approach is intended to set ‘baseline’ for security

The upcoming federal software self-attestation common form will be a “baseline” for security and could lead to additional requirements for contractors at a later date, according to OMB official Mitch Herckis.

The CISA self-attestation form published in April for public comment “gives us a baseline and foundation of secure development and visibility” into the “minimum requirements we put forward,” Herckis said Thursday at a NIST advisory board meeting. “I could see those changing [based on] the environment, expectations and...