The Office of Management and Budget will shortly take feedback from industry on some of the language it plans to use in new cybersecurity self-attestation requirements for software vendors, according to a senior official.
Speaking at the Fortinet Federal Security Transformation Summit hosted by FedScoop, Senior Director for Cybersecurity and Emerging Technology on the National Security Council Steve Kelly said the White House is focused on working collaboratively with software providers as it introduces the new standards.
He said: “OMB is working closely with agencies to ensure a consistent approach to implementation, and [we] plan to soon host a listening session with software makers and other interested parties to continue to take their feedback on some of the language.”
Kelly added that OMB is in the process of completing details of minimum cybersecurity requirements for vendors and that these will likely be published around January next year.
It comes after the White House in September issued a memo requiring federal agencies to obtain self-attestation from software providers before deploying their software on government systems.
According to OMB’s September memo, federal departments must ensure that all third-party IT software deployed adheres to National Institute of Standards and Technology supply chain security requirements and get proof of conformance from vendors.
Kelly stressed also that OMB wants to work closely with industry to ensure that the process for adopting the new standards runs smoothly.
He said: “For software makers unable to attest to one or more of the required security practices, they can submit a plan of action and let us know how they are working to meet the requirements.”