Federal Manager's Daily Report

OMB has told federal agencies to begin carrying out standards on software security recently issued by the National Institute of Standards and Technology (NIST) under a 2021 executive order requiring the government to purchase only software that is developed securely.

That order told OMB to require agencies to begin implementation within 30 days of NIST issuing that guidance, called the Secure Software Development Framework. “As such, federal agencies must begin to adopt the SSDF and related guidance effective immediately, tailoring it to the agency’s risk profile and mission,” OMB said in an online posting.

“OMB understands vendor attestation of secure software development practices has significant implications for vendors and service providers supporting delivery. As a result, OMB will engage with the private sector on how best to implement this requirement before directing agencies to require an attestation,” it added.

OMB said it will seek feedback on implementation in advance of a workshop to be conducted March 23 at https://www.nist.gov/news-events/events/2022/03/workshop-inform-implementation-guidance-federal-procurement-secure.

The SSDF guidance is at https://csrc.nist.gov/Projects/ssdf; related guidance regarding the supply chain is at https://www.nist.gov/system/files/documents/2022/02/04/software-supply-chain-security-guidance-under-EO-14028-section-4e.pdf.
