Federal Manager's Daily Report

Within 90 days agencies are to inventory all software subject to the requirements. Image: Sergey Nivens/Shutterstock.com

The Biden administration has issued guidance (OMB Memo M-22-18) for agencies under its executive order requiring that they software they use follows certain common cybersecurity practices.

“The global supply chain for these technologies faces relentless threats from nation state and criminal actors seeking to steal sensitive information and intellectual property, compromise the integrity of government systems, and conduct other acts that impact the United States government’s ability to safely and reliably provide services to the public,” it says.


The memo requires agencies to comply with NIST guidance when using third-party software on the agency’s information systems or otherwise affecting the agency’s information, effective with software developed, or that is modified by major version changes, as of its effective date of September 14. The requirements do not apply to agency-developed software, “although agencies are expected to take appropriate steps to adopt and implement secure software development practices for agency-developed software,” it says.

Agencies must “ensure software producers have implemented and will attest to conformity with secure software development practices” before using software; and “may obtain from software producers artifacts that demonstrate conformance to secure software development practices, as needed.”

The memo also sets a series of deadlines for specific actions. These include that within 90 days agencies are to inventory all software subject to the requirements, with a separate inventory for “critical software”; and within 120 days they are to “develop a consistent process to communicate relevant requirements in this memorandum to vendors, and ensure attestation letters not posted publicly by software providers are collected in one central agency system.”

Slight Decline for 2023 COLA Count Through August

House to Consider Bills to Block Schedule F, Strengthen Whistleblower Protections

First Steps Taken Toward Benefits Open Season

OPM Reminds Agencies on Checking Family Member Eligibility

Temporary Funding Among Top To-Dos as Congress Returns

Vaccine Mandate Back in Court for Another Round of Argument

Reminder: Postal-Only Health Plan Not Coming Until 2025

See also,

With FERS Annuity Indexed for Inflation, Fed Retirees Faring Better

Report Examines Options for Increasing Social Security Retirement Age

What Federal Employees Should Know When Responding to Agency Disciplinary Actions

Exceptions to the 10 Percent Early Withdrawal Penalty

What Happens to Your Retirement Application

Your FERS Annuity is Worth More Than You Think

2022 Federal Employees Handbook