The attestation form information will be used by OPM to provide great assurances that help it understand whether the software provider performed due diligence and followed secure code practices that align with NIST 800-216 Secure Software Development Practices (SSDF). OMB circular M-22-18 requires CISA, in consultation with OMB, to develop a secure software attestation common form for all federal departments and agencies. Agencies will collect software attestation information from software suppliers. The Office of Personnel Management will not be maintaining these forms in a manner that implicates the Privacy Act and, consequently, OPM’s use of the form does not require a Privacy Act Statement.
None
Alexys Stanley 202 606-1183 alexys.stanley@opm.gov