February 2, 2023

Volume XIII, Number 33

Advertisement

February 01, 2023

Subscribe to Latest Legal News and Analysis

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Three – Secure Software Development Attestation Requirements

Today we continue our series (see here and here) with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software development guidance issued by the NIST. The new requirements will apply to any third-party software that is used on government information systems or that otherwise “affects” government information. You can read our article about the guidance here.

The FAR Council is currently drafting a proposed FAR rule addressing Supply Chain Software Security to integrate these requirements into federal contracts.

Putting it Into Practice – What to expect in 2023: OMB’s guidance provided a timeline for agency adoption of these requirements and when requirements will be communicated to software producers. We expect agencies will begin communicating requirements in early 2023 and begin collecting attestation letters for critical software this summer. Software producers should evaluate their software against the NIST guidance. For federal contractors and software resellers, the impact and scope of these requirements remains unclear, but we anticipate additional guidance in 2023.

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XIII, Number 24
Advertisement
Advertisement
Advertisement

About this Author

Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm
Associate

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a...

202-469-4917
Lauren Weiss Associate Washington D.C. Sheppard, Mullin, Richter & Hampton LLP
Associate

Lauren Weiss is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Areas of Practice Lauren’s practice focuses on government contracts litigation, investigations, and counseling matters including the following areas:  Cybersecurity counseling, Internal Investigations, Regulatory compliance,  Bid protests before the U.S. Government Accountability Office, Civil False Claims Act litigation defense, and Transactional due diligence.

Prior...

202-747-2678
Advertisement
Advertisement
Advertisement