CISA's proposed attestation form is now available and they are seeking comments
Hello Everyone,
CISA is seeking comments on their proposed self-attestation form for OMB M-22-18 and EO 14028.
Is there any interest in doing a joint comment filing to CISA? Please respond to this email if interested in a collaborative, joint response to CISA. I’ll be happy to facilitate the response.
information has recently been updated and is now available.
CISA Requests for Comment on Secure Software Self-Attestation Form
04/28/2023 02:00 PM EDT
CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts.
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
FYI: I’m envisioning a similar process to what was used by the SBOM Special Internet Group (SBOM SIG), contained in this filing to NIST: https://www.nist.gov/document/responses-enhancing-software-supply-chain-security-sbom
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: Dick Brooks <dick@...>
Sent: Saturday, April 29, 2023 9:21 AM
To: 'scitt@...' <scitt@...>; 'spdx@...' <spdx@...>
Subject: CISA's proposed attestation form is now available and they are seeking comments
Jean Camp
I am interested. Also I would like to know if anyone else has any interest in ensuring attestation standards have space to enable cryptographic agility or move towards self attesting addresses?
On Sat, Apr 29, 2023 at 9:34 AM Dick Brooks <dick@...> wrote:
--
Prof. L. Jean Camp http://www.ljean.com
Make a Difference http://www.ieeeusa.org/policy/govfel/congfel.asp
FYI
I have reached out to ITI and BSA on this opportunity and am waiting to hear back.
This matter affects everyone working in the SBOM community that is producing software products, aiming to sell to the US Government.
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: spdx@... <spdx@...> On Behalf Of Jean Camp
Sent: Saturday, April 29, 2023 10:20 AM
To: spdx@...
Cc: scitt@...
Subject: Re: [spdx] CISA's proposed attestation form is now available and they are seeking comments
Alfred Strauch
Dear Mr Brooks,
We are interested in attestation.
Alfred Strauch, Smart Talk Beacon
Steven Carbno
Smart Talk Beacon
Alfred Strauch
President
SmartTalk Security Inc.
Bus: 306-5291442
Email: alfred@...
Confidentiality and Disclaimer: The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorized. If you have received the transmission in error, please immediately contact this Office by telephone or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorized use of the information contained in this transmission. If the transmission contains advice, the advice is based on instructions in relation to, and is provided to the addressee in connection with, the matter mentioned above. Responsibility is not accepted for reliance upon it by any other person or for any other purpose.
On Sat, Apr 29, 2023 at 7:34 AM Dick Brooks <dick@...> wrote: