State Department Readies Industry Partners for OMB’s Software Risk Management Rules

The Department of State will begin evaluating software from its industry partners to prepare them for the upcoming software cybersecurity rules from the Office of Management and Budget.

In an interview with Federal Insights, Michael Derrios, deputy assistant secretary and senior procurement executive at the State Department and a past Potomac Officers Club speaker, said solicitations from the agency will require vendors to submit software bills of materials and software cybersecurity self-attestation forms confirming that their products comply with the National Institute of Standards and Technology’s supply chain security requirements.

Derrios noted the importance of conditioning its vendor base to provide secure software, citing the increasing efforts of malicious cyber actors to infiltrate the agency’s systems, Federal News Network reported.

All U.S. federal agencies were originally required to collect attestation forms from vendors by June 12 for critical software and Sept. 14 for all other software. The OMB, however, extended the deadline to wait for the Cybersecurity and Infrastructure Security Agency to finalize a common attestation form. 

NIST, meanwhile, is developing rules for implementing the new supply chain risk management processes in response to a 2021 executive order to improve U.S. cybersecurity.  The EO was issued following a large-scale cyberattack on SolarWinds in 2020 resulting in data breaches in multiple federal agencies and the private sector.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Join Us Now