CISA updates draft software self-attestation form to allow opportunities for revisions, address FedRAMP

The Cybersecurity and Infrastructure Security Agency has issued a second draft of its common form for secure software self-attestation that will be used for procurement purposes, with updates addressing potential revisions for contractors and clarifying how to address open source software.

“This self-attestation form identifies the minimum secure software development requirements a software producer must meet, and attest to meeting, before software subject to the requirements of M-22-18 and M-23-16 may be used by Federal agencies. This form is used...