The Common Form collection is to provide assurance that software producers have followed specific Secure Software Development Framework (SSDF) elements during the Software Lifecycle Management and to attest to such. The information in the collection will be used to assess the risk the software potentially poses to an agency’s use of its information technology. This self-reporting action, and subsequent collection, includes GSA’s government-wide contracts (e.g., Federal Supply Schedules and Governmentwide Acquisition Contracts), as well as all FAR and non-FAR based contracts (e.g., leasing and concessions).