OMB M-22-18 and M-23-16 require vendors to provide self-attestations for supply chain risk management. The Federal CIO and Federal CISO/Deputy National Cyber Director strongly encourage all agencies to use CISA’s common form for this purpose, as doing so will enable increased information sharing across the Federal ecosystem and will reduce the need for redundant attestations for software used by multiple agencies. Accordingly, attached is the SEC’s minor variation of CISA’s common form, for which the SEC is asking for expedited approval through the common form clearance process, so that the form can be shared with vendors for completion. The OMB Control No. for the CISA Common Software Attestation Form is 1670-0052. A list of agencies already approved to use the common form is located here.
EO: EO 14028 Name/Subject of EO: Executive Order on Improving the Nation's Cybersecurity