MCC, as required by OMB memorandums M-22-18 and M-23-16, must begin to collect secure software development attestations from publishers of software products, in use, have been acquired, or is in the acquisition process that were developed, released, or underwent a major change after September 14, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) developed the “common form” that all agencies are encouraged to use, and, MCC is leveraging.
EO: EO 14028 Name/Subject of EO: Improving the Nation's Cybersecurity