The standards agency said an attestation from the vendor themselves would be sufficient when screening for cybersecurity, unless an agency’s risk calculus suggests otherwise.
Article Link: NIST Suggests Agencies Accept the Word of Software Producers Per Executive Order - Nextgov