On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal document, two years in the making, is set to transform the enforcement of minimum security standards for software purchased by US Federal agencies. Crafted in response to the Executive Order on enhancing national cybersecurity issued in 2021, the form requires vendors supplying software to federal entities to certify through a CEO or an authorized designee's signature that their software is developed securely, adhering to the Secure Software Development Framework (SSDF) guidelines established by NIST.
Article Link: Secure Software Development Attestation Form: Sonatype helps you comply