Critical Infrastructure Security

Software attestation deadline extended

FedScoop reports that the U.S. Office of Management and Budget has issued a new memo extending federal agencies' time to collect attestations for critical and non-critical software until three and six months after it approves the attestation form, respectively. Aside from giving federal agencies more time to gather attestations, the OMB has also emphasized that attestations are not needed for open-source software, which a senior official said would benefit smaller federal agencies. Moreover, federal agency chief information officers have been tasked to classify whether their agencies should consider contractor-developed software as their own, while software manufacturers that could not attest to practices in the form would be required to submit a Plan of Action and Milestones document to agencies. "If the agency finds the documentation satisfactory, it may continue using the software, but must concurrently seek an extension of the deadline for attestation from OMB. Extension requests submitted to OMB must include a copy of the software producer's POA&M," said the memo.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.