Biden's Cybersecurity Order: OMB's Action Plan for Federal Software Security

The US Office of Management and Budget (OMB) has released new guidance directing federal agencies to obtain security assurances from software vendors

The guidance builds on President Biden's cybersecurity executive order and on a previous OMB directive (M-22-18) issued last year

Vendors must provide these assurances for software developed after September 14, 2022, and for major updates or software delivered as a continuously updated service

Attestation evidence can include a self-attestation form, a software bill of materials (SBOM), and the operation of a vulnerability disclosure program

The latest memorandum (M-23-16) reiterates those directives and extends the deadline by which agencies must collect attestations

Agencies must assess the risk of proprietary software that is freely obtained or publicly available, and attestations are required for software deployed by contractors

If a vendor cannot provide an attestation, agencies can request an extension, provided documentation of the non-compliant practices is supplied
