
White House Issues Enhanced Cybersecurity Guidelines For Software Vendors

On September 14, 2022, the Office of Management and Budget (OMB) published a memo setting out cybersecurity guidelines for the federal government’s software providers. The directive is based on the Executive Order (EO) signed by US President Joe Biden on May 12, 2021, to improve cybersecurity amid the increased risks to the nation’s privacy and data security.

According to the memo published by the White House, software companies that work with the US government must attest that their products comply with the latest national cybersecurity standards.

Why secure software development practices are needed

In a blog post, Federal Chief Information Security Officer and Deputy National Cyber Director Chris DeRusha discussed the latest guidelines and said, “With the cyber threats facing Federal agencies, our technology must be developed in a way that makes it resilient and secure, ensuring the delivery of critical services to the American people while protecting the data of the American public and guarding against foreign adversaries.”

The federal government’s reliance on information and communications technology (ICT) products and services makes it a hub for cybercriminals. Because critical functions depend on services supplied by outside entities, the EO directed the relevant departments to address this risk. The National Institute of Standards and Technology (NIST), which handles the nation’s technology and innovation needs, created the Secure Software Development Framework (SSDF) and the NIST Software Supply Chain Security Guidance, together referred to as the NIST Guidance. The OMB was directed to comply with the guidelines.

The framework of the enhanced guidelines

Per the guidelines, Agency Chief Information Officers (CIOs) and Chief Acquisition Officers (CAOs) have been directed to ensure that software producers implement the practices and attest to conformity. Agencies are required to obtain a self-attestation from the software producer before using the software, as the self-attestation is treated as the producer’s conformance statement.

Responsibilities mentioned in the memorandum

Within 90 days of the release of these guidelines, agencies are required to begin collecting the attestations and to carry out the other actions mentioned. In addition, the OMB must post specific information on how to submit waiver requests on MAX.gov.

The Cybersecurity and Infrastructure Security Agency (CISA) is expected to establish, within a stipulated time frame, a standard self-attestation ‘common form’ and a plan for a government-wide repository of software attestations, among other programs. NIST is asked to update the SSDF guidance as required.

The summary of the memorandum is shown in the table below:

[Table: summary of the memorandum’s responsibilities and timelines. Image source: Whitehouse.gov]

What the improved guidelines say

These guidelines have been set to strengthen the security of the software supply chain serving the federal government, in line with the ‘zero trust’ strategy. The zero-trust approach requires validating every interaction and eliminating implicit trust, helping to build better infrastructure and protect national and economic security.

In the past, software was accepted based only on the vendor’s advertised claims; now it will go through official steps and channels. This will ensure that federal agencies use the right product after checking it against the proper criteria. The change was necessary to help restore and build trust among people, the government and businesses so they can carry out their functions safely.
