White House Nixes Biden-Era Software Security Rules

Analysts Warn of Patchwork Federal Assurance Standards After Rollback Chris Riotta (@chrisriotta) • February 3, 2026

Cybersecurity analysts say the White House's rollback of Biden-era software attestation rules reflect broad frustration with compliance-driven security requirements - but warn the move could leave federal agencies with fewer consistent safeguards if the rules are not replaced.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

The Office of Management and Budget rescinded two directives requiring agencies to obtain software security attestations from vendors before deploying their products, reversing a pillar of the previous administration's secure-software supply chain strategy. The move withdrew OMB Memorandum 22-18 and its companion policy M-23-16, which directed agencies to require software producers to self-attest compliance with secure development practices aligned with National Institute of Standards and Technology guidance under a 2021 cybersecurity executive order.

In a new memo, OMB Director Russell Vought ...