

Industry Council Urges OMB to Explain Cybersecurity Self-Attestation Rules for Software Vendors


The Information Technology Industry Council has sent a letter to Shalanda Young, director of the Office of Management and Budget, urging clarification on upcoming self-attestation requirements for third-party software products sold to the government. The petition called for a standardized rollout and request form across federal agencies and a pilot run for the collection of attestations and artifacts, FedScoop reported.

ITI is a trade group representing large companies such as Google, Microsoft, Amazon and Oracle. It joined other business associations in an April letter to Congress advocating for at least $300 million to be allocated to the Technology Modernization Fund for fiscal year 2023, arguing that such a move would advance government-wide cybersecurity goals such as zero trust.

In 2020, the council issued a policy recommendation that called for the consideration of alternatives to the Cybersecurity Maturity Model Certification program and other accreditation requirements for software vendors. One suggestion was self-attestation, which ITI argued was supported by international standards.

OMB is working with the Cybersecurity and Infrastructure Security Agency to craft a self-attestation form for suppliers as part of a mandate by the Biden administration. Software vendors are required to comply with security rules set by the National Institute of Standards and Technology.
