![]() “I don’t have a self-attestation staff,” she said. While the goal of the memorandum was to expand and streamline government cybersecurity oversight, Woytek suggested NASA SEWP and many others were unprepared for its implementation. Many cybersecurity professionals agree that self-attestation forms and software bills of material, or SBOMs, are critical components in ensuring a software service or product was developed in compliance with NIST guidance.īut others have argued against setting requirements and deadlines for their implementation, saying that some federal agencies and technology buyers have not yet discovered how to leverage SBOMs and self-attestations to better protect their systems. Industry groups have also expressed concerns about the deadline, including the Information Technology Industry Council, which called on the White House to provide further clarification on the OMB memorandum issued last year. The memo was drafted in part as response to the 2021 SolarWinds hack, where attackers breached a software contractor and uploaded malware to a software update that found its way onto multiple federal agency networks. Vendors can also provide confirmation that they will work to achieve compliance with guidance from the National Institute of Standards and Technology around secure software development. The 2022 memo instructed agencies to collect a standardized self-attestation form from all software vendors before deploying their products, with the goal of the Cybersecurity and Infrastructure Security Agency developing a central repository to maintain that information. 14 deadline to collect the forms from all software providers on their networks. Woytek's remarks come as federal agencies face a June deadline to collect self-attestation forms from "critical software providers," and a Sept. “We’re either going to find some magic wand that makes it happen, or we’re going to have some discussions with the and figure out when this can happen.” ![]() “I don’t know what’s going to happen by September,” Woytek said at a summit hosted by NASA SEWP on managing government risk at scale. Joanne Woytek, program manager of NASA's Solutions for Enterprise Wide Procurement contract, said implementing a new White House acquisition rule that requires software vendors to confirm the security of their products was "not as simple as it sounds," while citing government-wide staffing and resourcing challenges. SEWP awards are multi-award contracts and adhere to the Fair Opportunity clause (refer to FAR 16.505(b)).Ĭlick on a vendor below to view profile information, SEWP V price lists and ordering information.A program manager for one of the largest federal information technology contract vehicles expressed doubt Monday that agencies will successfully obtain the self-attestation forms needed for all software products deployed on their systems ahead of a looming September deadline. ![]() The statutory authority allowing usage of the SEWP contracts by the entire Federal Government is NASA's designation as an Executive Agent by OMB based on the Information Technology Management Reform Act (ITMRA) of 1996, now the Clinger Cohen Act. The NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract) provides the latest in Information Technology (IT) products for all Federal Agencies. Agency/Program: NNG15SC39B (Category B, Group D). ![]() Agency/Program: NNG15SC16B (Category A, Group A).immixGroup Public Sector Market Intelligence. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |