OMB has issued a memo to agencies reinforcing security and integrity requirements for their software under a 2021 executive order that, among other things, requires agencies to comply with Software Supply Chain Security Guidance from the National Institute of Standards and Technology.
Under a 2022 OMB memo, agencies must only use software that is provided by software producers who can attest to complying with government-specified minimum secure software development practices. For those purposes “software” includes firmware, operating systems, applications, and application services such as cloud-based software, as well as products containing software.
The new memo, M-23-16, clarifies policies regarding third-party components, freely obtained and publicly available proprietary software, and federal contractor developed software; provides guidance on the use of plans of action and milestones; extends timelines for agencies to collect attestations from software producers; and more.