View RCF  - OIRA Conclusion

202405-3220-001CF
Active 03/31/2027
RRB
1670-0052 202311-1670-001
Secure Software Development Attestation Form
RCF New
 Approved without change   05/06/2024
Retrieve Notice of Action (NOA) 05/03/2024
The RRB will be using the form to collect software attestations from all of our vendors.
None
 
Brian Foster 312 751-4826 brian.foster@rrb.gov

IC Title Status Responses Hours Dollars Document Type Form No. Form Name
Secure Software Development Attestation Form 18,576 45,012 0 Form and Instruction N/A Secure Software Sefl-Attestation Common Form

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 18,576 0 0 18,576 0 0
Annual Time Burden (Hours) 45,012 0 0 45,012 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0

Yes
Miscellaneous Actions
No
Executive Order 14028 and the OMB M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, and OMB M-23-16, Update to Memorandum M-22-18, required development of an attestation form in which software producers serving the federal government will be required to confirm implementation of specific security practices.  To ensure a safe and secure digital ecosystem for all Americans, CISA released the Secure Software Development Attestation Form on March 11, 2024, taking a major step in the implementation of its requirement that producers of software used by the Federal Government attest to the adoption of secure development practices. Due to CISA guidance, the RRB will be reaching out to about 10,000 software vendors to collect information related to an Information Technology Modernization Project.