Secure Software Development Self-Attestation Resources and Knowledge

The Federal Information Security Modernization Act of 2014 (FISMA) mandates that all Federal agencies implement comprehensive security measures to protect the information they collect or maintain, as well as the information systems they use. This includes information systems operated by the agency itself, as well as those managed by contractors or other organizations on behalf of the agency. 

Steps for Self-Attestation 

• Review NIST Guidance 
• Conduct Internal Assessment 
• Prepare Documentation 
• Submit Self-Attestation 
• Continuous Monitoring 

• Meeting Recordings
  • 7/24/24
  • 7/31/24
  • 8/7/24
• Slide Decks
  • Week 1: Secure Software Development Self-Attestation Collaboration Opportunity
  • Week 2: Secure Software Development Self-Attestation Collaboration Opportunity
  • Week 3: Secure Software Development Self-Attestation Collaboration Opportunity
  • Week 4: Secure Software Development Self-Attestation Collaboration Opportunity
  • Week 5: Secure Software Development Self-Attestation Collaboration Opportunity
• Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle 
  • Software Acquisition Guide for Government Enterprise Consumers
  • Software Acquisition Guide for Government Enterprise Consumers Spreadsheet 
• Forms and Templates
  • NASA-approved Secure Software Development Self-Attestation Form
  • Secure Software Development POA&M & waiver template
  • Supplier Publisher Communication
• Resources and Links 
  • Executive Order 14028 – https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ 
  • OMB M-22-18 – https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf 
  • OMB M-23-16 – https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf 
  • NIST 
    • Software Supply Chain Security Guidance – https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-supply-chain-security-guidance 
    • Secure Software Development Framework, SP 800-218 – https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf 
  • CISA 
    • Repository for Software Attestations and Artifacts (RSAA) – https://softwaresecurity.cisa.gov/login Software Bill of Materials (SBOM) – https://www.cisa.gov/sbom Fall SBOM-a-Rama – https://www.cisa.gov/news-events/events/sbom-rama-fall-2024 
    • Secure by Design – https://www.cisa.gov/securebydesign