Saturday, March 9, 2024

FAR sends Supply Chain Software Security NPRM to OMB

On Thursday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from FAR on “Federal Acquisition Regulation (FAR); FAR Case 2023-002, Supply Chain Software Security”. 

According to the Fall 2023 Unified Agenda entry for this rulemaking:

“This rule will require suppliers of software available for purchase by Federal agencies to comply with, and attest to complying with, applicable secure software development practices. This rule is being issued in accordance with section 4(n) and 4(k) of the Executive Order 14028 titled “Improving the Nation's Cybersecurity” and Office of Management and Budget Memorandum 22-18 and 23-16.”

Interesting to note that the UA entry ‘expected’ the NPRM to be published in December of 2023. It will almost certainly be another month or three before this rulemaking makes its way into the Federal Register.
