
White House tightens rules on federal software purchases – Roll Call

Within 90 days, all federal agencies must prepare an inventory of their software, and within six months agencies must ask vendors to attest that their software was developed using secure processes.

The OMB memo said the Cybersecurity and Infrastructure Security Agency would establish a standard attestation form. CISA would also set up a government-wide repository where all agencies can store the attestation forms submitted by software vendors.

“Not too long ago, the only real criteria for the quality of a piece of software was whether it worked as advertised,” Chris DeRusha, the federal chief information security officer, said in a statement. “With the cyber threats facing federal agencies, our technology must be developed in a way that makes it resilient and secure.”

“This is not theoretical,” DeRusha said. “Foreign governments and criminal syndicates are regularly seeking ways to compromise our digital infrastructure.”

BSA | The Software Alliance, a trade group representing major companies including Microsoft, IBM, Intel and others, welcomed the new rules.