View RCF - OIRA Conclusion

Title: Secure Software Self-Attestation Common Form

Type of RCF: RCF New
OIRA Conclusion Action: Approved without change	Conclusion Date: 03/15/2024
Retrieve Notice of Action (NOA)	Date Received in OIRA: 03/14/2024
Terms of Clearance:

Description of Agency Usage: VA requests to use this form. The attestation form will be used by VA to help understand whether the software provider followed secure code practices which align with NIST 800-216 Secure Software Development Practices. OMB M-22-18 requires CISA in consultation with OMB to develop a secure software development attestation common form for use by all agencies. VA will collect software attestation information from software suppliers by using this form.

Authorizing Statute(s): None

Annual Cost to Federal Government:
Agency Contact: Forrest Browne 202 714-6863 forrest.browne@va.gov

Common Form Information Collections (IC) in this RCF:

IC Title	Status	Responses	Hours	Dollars	Document Type	Form No.	Form Name
Secure Software Development Attestation Form		3,975	9,632	0	Form and Instruction	N/A	Secure Software Sefl-Attestation Common Form

RCF Summary of Burden:

	Total Approved	Change Due to Agency Discretion
Annual Number of Responses	3,975	3,975
Annual Time Burden (Hours)	9,632	9,632
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: Initial reporting from VA.