Late last year, the United States Office of Management and Budget (OMB) published a memorandum, M-22-18, that required federal agencies to comply with guidelines for ensuring the safety and integrity of third-party software on federal information technology systems. This memorandum applied to the use of firmware, operating systems, applications, cloud-based software and general software.

The memo requires federal agencies to comply with the National Institute of Standards and Technology (NIST) guidance, as detailed in President Biden’s cybersecurity Executive Order 14028, and stipulates that agencies “only use software provided by software producers who can attest to complying with the Government-specified secure software development practices, as described in the NIST Guidance.” The memo instructed agencies to collect a standardized self-attestation form from all software contractors before deploying their products. Initially, each agency will identify the software and collect the self-attestation forms. The end goal is to create a government-wide central repository of all software-related information, to shore up any cybersecurity vulnerabilities.

I wanted to provide you with a brief update on where the NIH Information Technology Acquisition and Assessment Center (NITAAC) is in the self-attestation process and make you aware of some key dates that will impact your company. NITAAC is working with the OMB to determine the formal agency posture on this matter. We also are working to fine-tune the process for our communications requirements, as it relates to collecting the self-attestation forms.

In the meantime, contractors should be aware of the following key dates:

  • June 11, 2023: NITAAC deadline to collect self-attestation forms from critical software providers.
  • September 14, 2023: NITAAC deadline to collect the forms from all software providers on the NITAAC networks.
  • TBD: If needed, NITAAC will request a software bill of materials or other artifact(s) that demonstrate conformance with secure software development practices.

You will hear more from NITAAC as we get additional clarity; however, I wanted you to know you are not in this alone. I understand that this request presents several challenges on your end, in terms of staffing and the additional labor required to conduct and submit the self-attestations. We face those same challenges at NITAAC.

One of the biggest obstacles being faced on the federal level is that of time. The reality is that the government likely will not be able to produce and distribute the attestation forms in a timely manner. Unfortunately, if we cannot do so, this administrative burden will fall upon our contract holders, as you will then need to develop your own forms.

I can’t promise that this process will be smooth, as there are several variables at play, but what I can promise is that we will be as transparent as possible and will make it our business to provide you with timely and relevant updates. I value our partnership and look forward to attesting the safety, integrity and security of all the software our contract holders provide to the federal government. This will become just one more example of the high-quality, best-in-class service agencies can expect from the NITAAC Contract Holders. We will discuss this further on our next Contract Holders’ call.

To read the Executive Order, visit https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity. To learn more about the OMB Memo, visit https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf.