View RCF  - OIRA Conclusion

202405-0503-001CF
Active 03/31/2027
USDA/AgSEC USDA/OCIO
1670-0052 202311-1670-001
USDA Critical Software Attestation
RCF New
 Approved without change   05/16/2024
Retrieve Notice of Action (NOA) 05/13/2024
To adhere to the requirements outlined in M-22-18, as per Executive Order 14028 and NIST Guidance, USDA is obligated to ensure that the software utilized complies with secure software development practices. The Department of Agriculture’s Cybersecurity and Privacy Operations Center (CPOC) is collaborating with the Department’s Mission Areas to compile a comprehensive list of critical and non-critical software titles. Subsequently, this list will be transferred to the Office of Contracting and Procurement (OCP), which will coordinate with Mission Area Contracting Officers (COs) to obtain attestations from vendors regarding their adherence to secure software development practices. A requirement from the Information Resource Management Center (IRMC) office stipulates that the burden statement for the CISA/DHS Vendor Attestation Common Form must be based on the actual number of respondents (vendors) before submission to the OMB for review and approval.
EO: EO 14028 Name/Subject of EO: Executive Order on Improving the Nations Cybersecurity
 
Rachelle Ragland-Greene 703 605-0038 Rachelle.Greene@fns.usda.gov

IC Title Status Responses Hours Dollars Document Type Form No. Form Name
Secure Software Development Attestation Form 3,750 9,087 0 Form and Instruction N/A Secure Software Sefl-Attestation Common Form

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 3,750 0 0 3,750 0 0
Annual Time Burden (Hours) 9,087 0 0 9,087 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0

Yes
Changing Regulations
No
To adhere to the requirements outlined in M-22-18, as per Executive Order 14028 and NIST Guidance, USDA is obligated to ensure that the software utilized complies with secure software development practices. T