View RCF - OIRA Conclusion

202404-3064-002CF
Active 03/31/2027
FDIC
1670-0052 202311-1670-001
Secure Software Development Attestation Form
RCF New
Approved without change 04/17/2024
Retrieve Notice of Action (NOA) 04/17/2024
FDIC intends to use this form to obtain self-attestations from software producers that their software is developed in conformity with Government-specified minimum secure software development practices. The information in this collection will be used to assess any potential risk in the agency’s use of the software. Use of this information and the resulting analysis will assist FDIC in protecting Federal systems from threats and vulnerabilities, as well as reducing overall risk from cyber attacks.
EO: EO 14028 Name/Subject of EO: Improving the Nation’s Cybersecurity
 
Manuel Cabeza 202 898-3781 mcabeza@fdic.gov

| IC Title | Status | Responses | Hours | Dollars | Document Type | Form No. | Form Name |
|---|---|---|---|---|---|---|---|
| Secure Software Development Attestation Form | | 4 | 10 | 0 | Form and Instruction | N/A | Secure Software Self-Attestation Common Form |

| | Total Approved | Previously Approved | Change Due to New Statute | Change Due to Agency Discretion | Change Due to Adjustment in Estimate | Change Due to Potential Violation of the PRA |
|---|---|---|---|---|---|---|
| Annual Number of Responses | 4 | 0 | 0 | 4 | 0 | 0 |
| Annual Time Burden (Hours) | 10 | 0 | 0 | 10 | 0 | 0 |
| Annual Cost Burden (Dollars) | 0 | 0 | 0 | 0 | 0 | 0 |

Yes
Miscellaneous Actions
No
Executive Order 14028, “Improving the Nation’s Cybersecurity” (E.O. 14028), emphasizes the importance of securing software used by the Federal Government to perform its critical functions. To further this objective, E.O. 14028 required NIST to issue guidance “identifying practices that enhance the security of the software supply chain.” The NIST Secure Software Development Framework (SSDF) (SP 800-218), and the NIST Software Supply Chain Security Guidance (these two documents, taken together, are hereinafter referred to as “NIST Guidance”) include a set of practices that create the foundation for developing secure software. This self-attestation form identifies the minimum secure software development requirements a software producer must meet, and attest to meeting, before certain software may be used by Federal agencies. This form is used by software producers to attest that the software they produce is developed in conformity with specified secure software development practices.