Federal agencies have been ordered by a new White House software security guidance to provide a complete inventory of software in use within 90 days, reports The Record, a news site by cybersecurity firm Recorded Future.
The White House has also ordered federal agency chief information officers to develop a process for informing software vendors about the requirements within 120 days, while attestation letters from vendors regarding critical software should be collected within 270 days, with letters for all software to be collected by next September. Moreover, federal agency employees should be given organizational training on validating software vendors' claims within six months.
Efforts to strengthen software security have been top of mind for the federal government, especially after the widespread SolarWinds cyberattack that compromised numerous federal agencies and corporations, according to Federal Chief Information Security Officer and Deputy National Cyber Director Chris DeRusha.
"This incident was one of a string of cyber intrusions and significant software vulnerabilities over the last two years that have threatened the delivery of government services to the public, as well as the integrity of vast amounts of personal information and business data that is managed by the private sector," added DeRusha.