Within 90 days agencies are to inventory all software subject to the requirements. Image: Sergey Nivens/Shutterstock.com
By: FEDweek StaffThe Biden administration has issued guidance (OMB Memo M-22-18) for agencies under its executive order requiring that they software they use follows certain common cybersecurity practices.
“The global supply chain for these technologies faces relentless threats from nation state and criminal actors seeking to steal sensitive information and intellectual property, compromise the integrity of government systems, and conduct other acts that impact the United States government’s ability to safely and reliably provide services to the public,” it says.
The memo requires agencies to comply with NIST guidance when using third-party software on the agency’s information systems or otherwise affecting the agency’s information, effective with software developed, or that is modified by major version changes, as of its effective date of September 14. The requirements do not apply to agency-developed software, “although agencies are expected to take appropriate steps to adopt and implement secure software development practices for agency-developed software,” it says.
Agencies must “ensure software producers have implemented and will attest to conformity with secure software development practices” before using software; and “may obtain from software producers artifacts that demonstrate conformance to secure software development practices, as needed.”
The memo also sets a series of deadlines for specific actions. These include that within 90 days agencies are to inventory all software subject to the requirements, with a separate inventory for “critical software”; and within 120 days they are to “develop a consistent process to communicate relevant requirements in this memorandum to vendors, and ensure attestation letters not posted publicly by software providers are collected in one central agency system.”
Slight Decline for 2023 COLA Count Through August
House to Consider Bills to Block Schedule F, Strengthen Whistleblower Protections
First Steps Taken Toward Benefits Open Season
OPM Reminds Agencies on Checking Family Member Eligibility
Temporary Funding Among Top To-Dos as Congress Returns
See also,
With FERS Annuity Indexed for Inflation, Fed Retirees Faring Better
Report Examines Options for Increasing Social Security Retirement Age
What Federal Employees Should Know When Responding to Agency Disciplinary Actions
Exceptions to the 10 Percent Early Withdrawal Penalty
