View RCF - OIRA Conclusion

Title: Secure Software Self-Attestation Common Form

Type of RCF: RCF New
OIRA Conclusion Action: Approved without change	Conclusion Date: 05/10/2024
Retrieve Notice of Action (NOA)	Date Received in OIRA: 05/08/2024
Terms of Clearance:

Description of Agency Usage: HHS, as required by OMB memorandums M-22-18 and M-23-16, must begin to collect secure software development attestations from publishers of software products, in use, have been acquired, or is in the acquisition process that were developed, released, or underwent a major change after September 14, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) developed the “common form” that all agencies are encouraged to use, and HHS will leverage.

Authorizing Statute(s): None

Annual Cost to Federal Government:
Agency Contact: Marnita Harris 202 731-3383 acquisition_policy@hhs.gov

Common Form Information Collections (IC) in this RCF:

IC Title	Status	Responses	Hours	Dollars	Document Type	Form No.	Form Name
Secure Software Development Attestation Form		1,050	2,544	0	Form and Instruction	N/A	Secure Software Sefl-Attestation Common Form

RCF Summary of Burden:

	Total Approved	Change Due to Agency Discretion
Annual Number of Responses	1,050	1,050
Annual Time Burden (Hours)	2,544	2,544
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: This is a new request for use of common form.