The White House issued new cyber security guidelines for Federal agencies
The White House issued a new memo in which Federal agencies must obtain self-attestation from software providers before deploying their software on government systems. According to the guidance, Federal departments must verify that all third-party IT software deployed follow NIST’s (National Institute of Standards and Technology) supply chain security requirements and get proof of conformance from vendors. Within 120 days of the memo, agencies must also develop a consistent process for communicating relevant requirements and collecting letters of attestation from software providers.
The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget will create a common form that U.S. departments will use to show that software vendors have proven their technology meets NIST’s security guidelines.