Many cybersecurity professionals agree that self-attestation forms and software bills of material, or SBOMs, are critical components in ensuring a software service or product was developed in compliance with NIST guidance.īut others have argued against setting requirements and deadlines for their implementation, saying that some federal agencies and technology buyers have not yet discovered how to leverage SBOMs and self-attestations to better protect their systems. Industry groups have also expressed concerns about the deadline, including the Information Technology Industry Council, which called on the White House to provide further clarification on the OMB memorandum issued last year. The memo was drafted in part as response to the 2021 SolarWinds hack, where attackers breached a software contractor and uploaded malware to a software update that found its way onto multiple federal agency networks. Vendors can also provide confirmation that they will work to achieve compliance with guidance from the National Institute of Standards and Technology around secure software development. The 2022 memo instructed agencies to collect a standardized self-attestation form from all software vendors before deploying their products, with the goal of the Cybersecurity and Infrastructure Security Agency developing a central repository to maintain that information. 14 deadline to collect the forms from all software providers on their networks. Woytek's remarks come as federal agencies face a June deadline to collect self-attestation forms from "critical software providers," and a Sept. “We’re either going to find some magic wand that makes it happen, or we’re going to have some discussions with the and figure out when this can happen.” “I don’t know what’s going to happen by September,” Woytek said at a summit hosted by NASA SEWP on managing government risk at scale. Joanne Woytek, program manager of NASA's Solutions for Enterprise Wide Procurement contract, said implementing a new White House acquisition rule that requires software vendors to confirm the security of their products was "not as simple as it sounds," while citing government-wide staffing and resourcing challenges. Ann Haase, 30.A program manager for one of the largest federal information technology contract vehicles expressed doubt Monday that agencies will successfully obtain the self-attestation forms needed for all software products deployed on their systems ahead of a looming September deadline. The SEWP IV Procurement Manager for this procurement is E. The contracting officer for this procurement is Darlene Dorsey, 30. NASA's Goddard Space Flight Center, Greenbelt, Md., procures and manages the SEWP IV effort. The prime contractor awardees are listed at: The minimum amount of supplies or services that may be ordered is $2,500 with a maximum of $5.6 billion per contract. The period of performance for each of the contracts is seven years. These Government-Wide Acquisition Contracts are available for ordering by all NASA centers, all federal agencies and their contractors. The principal purpose of the SEWP IV contracts is to provide customers with state-of-the-art computer technologies, high-end scientific and engineering processing capabilities, network equipment and peripherals. WASHINGTON - NASA has awarded 45 commercial, fixed price, indefinite delivery, indefinite quantity contracts to 37 vendors under the Solutions for Enterprise-Wide Procurement IV (SEWP IV).
0 Comments
Leave a Reply. |