OMB reverses Biden-era software attestation order
nextgov.com
A new executive branch memorandum instead allows agencies to lean on software bills of materials, or SBOMs, in lieu of a universal attestation framework.
The White House on Friday rescinded a 2022 order that mandated a single, standardized self-attestation form for federal agencies to obtain cybersecurity assurances from software vendors, arguing the policy hindered agencies from adopting security solutions for their specific system needs.
“There is no universal, one-size-fits-all method of achieving that result,” Office of Management and Budget Director Russ Vought said in the memo released Friday. “Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment.”
Former President Joe Biden signed the landmark Executive Order 14028 in May 2021, which led to the issuance of the original memo. The directive was meant to respond to the massive SolarWinds intrusion campaign that compromised multiple federal agencies.
A software attestation is typically a ...
Copyright of this story solely belongs to nextgov.com.

