The White House issued new cyber security guidelines for Federal agencies

The White House requires Federal agencies to ensure that software providers meet cybersecurity requirements before their software is deployed on government systems. Agencies must collect proof of compliance from vendors and establish a standardized process for communication and verification within 120 days. A common form will be developed by the Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget for departments to demonstrate vendors’ adherence to security guidelines.

The White House issued a new memo requiring Federal agencies to obtain self-attestation from software providers before deploying their software on government systems. According to the guidance, Federal departments must verify that all third-party IT software they deploy follows the supply chain security requirements of NIST (the National Institute of Standards and Technology) and get proof of conformance from vendors. Within 120 days of the memo, agencies must also develop a consistent process for communicating relevant requirements and collecting letters of attestation from software providers.

The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget will create a common form that U.S. departments will use to show that software vendors have proven their technology meets NIST’s security guidelines.