The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and tool sets.
The form was announced March 11 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which developed the form with the Office of Management and Budget (OMB). The form identifies minimum secure software development requirements a software producer must meet and attest to meeting. Software requires attestation if it was developed after September 14, 2022. Software developed prior to this date requires attestation if it was modified by major version changes after September 14, 2022. Attestation also is required if the producer delivers constant changes to the code.