The White House issued new cyber security guidelines for Federal agencies
The White House mandates Federal agencies to ensure software providers meet cybersecurity requirements before deploying on government systems. Agencies must collect proof of compliance from vendors and establish a standardized process for communication and verification within 120 days. A common form will be developed by Cybersecurity and Infrastructure Security Agency and Office of Management and Budget for departments to demonstrate vendors’ adherence to security guidelines.
The White House issued a new memo in which Federal agencies must obtain self-attestation from software providers before deploying their software on government systems. According to the guidance, Federal departments must verify that all third-party IT software deployed follow NIST’s (National Institute of Standards and Technology) supply chain security requirements and get proof of conformance from vendors. Within 120 days of the memo, agencies must also develop a consistent process for communicating relevant requirements and collecting letters of attestation from software providers.
The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget will create a common form that U.S. departments will use to show that software vendors have proven their technology meets NIST’s security guidelines.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.