View RCF  - OIRA Conclusion

202404-3235-003CF
Active 03/31/2027
SEC
1670-0052 202311-1670-001
Secure Software Development Attestation Form
RCF New
 Approved without change   04/17/2024
Retrieve Notice of Action (NOA) 04/17/2024
OMB M-22-18 and M-23-16 require vendors to do self-attestations for supply chain risk management. The Federal CIO and Federal CISO/Deputy National Cyber Director strongly encourage all agencies to use CISA’s common form for that, as doing so will enable increased information sharing across the Federal ecosystem and will reduce the need for redundant attestations for software used by multiple agencies. Accordingly, attached is the SEC’s minor variation of CISA’s common form, for which the SEC is asking for expedited approval through the common form clearance process, so that the form can be shared with vendors for completion. The OMB Control No. for the CISA Common Software Attestation Form is 1670-0052. A list of agencies already approved to use the common form is located here.
EO: EO 14028 Name/Subject of EO: Executive Order on Improving the Nations Cybersecurity
 
Illeana Ciobanu 202 551-6123

IC Title Status Responses Hours Dollars Document Type Form No. Form Name
Secure Software Development Attestation Form 592 1,434 0 Form and Instruction N/A Secure Software Sefl-Attestation Common Form

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 592 0 592 0 0 0
Annual Time Burden (Hours) 1,434 0 1,434 0 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0

No
No
MB M-22-18 and M-23-16 require vendors to do self-attestations for supply chain risk management. The Federal CIO and Federal CISO/Deputy National Cyber Director strongly encourage all agencies to use CISA’s common form for that, as doing so will enable increased information sharing across the Federal ecosystem and will reduce the need for redundant attestations for software used by multiple agencies. Accordingly, attached is the SEC’s minor variation of CISA’s common form, for which the SEC is asking for expedited approval through the common form clearance process, so that the form can be shared with vendors for completion. The OMB Control No. for the CISA Common Software Attestation Form is 1670-0052. A list of agencies already approved to use the common form is located here.