Friday, May 31, 2024

OMB Approves FAR Software Supply Chain Security NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking for the Federal Acquisition Regulation on “Federal Acquisition Regulation (FAR); FAR Case 2023-002, Supply Chain Software Security”. This NPRM was sent to OIRA on March 9th, 2024.

According to the Fall 2023 Unified Agenda entry for this rulemaking:

“This rule will require suppliers of software available for purchase by Federal agencies to comply with, and attest to complying with, applicable secure software development practices. This rule is being issued in accordance with section 4(n) and 4(k) of the Executive Order 14028 [link added] titled "Improving the Nation's Cybersecurity" and Office of Management and Budget Memorandum 22-18 and 23-16 [links added].”

Sounds like another use for CISA’s Software Attestation form….
