BSA offers suggestions for simplifying CISA software security self-attestation form

BSA-The Software Alliance is urging the Cybersecurity and Infrastructure Security Agency to simplify its software security self-attestation common form with updates on what contractors will need to sign off on and closer alignment to the NIST Secure Software Development Framework.

“CISA could improve the form by simplifying it and having each [attestation] statement stand on its own. Multi-level lists with introductory phrases, some but not all of which appear to be statements to which a software producer must attest, impede...