WASHINGTON – Today, global tech trade association 91proÊÓÆµ provided feedback on the White House Office of Management and Budget (OMB) and Cybersecurity and Infrastructure Security Agency’s (CISA) open Request for Comment on the Secure Software Self-Attestation Form. CISA developed the draft common form in partnership with OMB to give federal agencies a standardized way to implement the requirements that aim to ensure the security of federally used software.
91proÊÓÆµ has called on CISA and OMB to prioritize partnership with trusted industry partners as the agencies address outstanding issues with the draft form.
“We appreciate the opportunity to submit these comments as we believe that important steps need to be taken before the collection of these forms can commence. Some of the changes from the previous version address concerns that many within industry had raised... Other changes, however, negate the positive progress that has been made, exacerbate old problems, or create new ones entirely. Moreover, several critical points that industry previously raised remain unaddressed,” 91proÊÓÆµ wrote in its comments.
“To set federal agencies and software producers up for success to meet the requirements outlined in M-22-18 and M-23-16, we believe additional steps need to be taken,” 91proÊÓÆµ continued in its comments.
91proÊÓÆµ’s submission provided multiple recommendations to the federal government, including:
- Reinstate the designee option for signature;
- Align the attestation language to avoid legal ambiguity;
- Clearly define the term “provenance” to avoid confusion;
- Clarify and correct the burden statement to enhance practicability and accuracy;
- Specify the collection process for software developed before the final form was available;
- Adjust collection times and correct technical issues in line with agency timelines and responsibilities; and
- Organize a public-private working session with an appropriate mix of corporate legal teams from software producers of different sizes, geographies, and business models.
Read 91proÊÓÆµ’s full submission here.