For GSA, a new step to secure the software acquisition process begins
https://fedscoop.com/for-gsa-a-new-step-in-the-software-acquisition-process-begins/
Tue, 11 Jun 2024 20:03:12 +0000

This week marks the beginning of the agency’s collection of self-attestation forms from software providers and offerers.

Starting this week, the General Services Administration is collecting common forms for new software contracts from providers and contractors in accordance with a 2022 Office of Management and Budget memo regarding software supply chain security.

In a May memorandum, GSA announced that beginning June 8, the agency would start collecting information for new contracts of all sizes — including “micropurchases” — from software offerers and contractors. That information would attest to government-specified secure software development practices.

Nick Mistry, the chief information security officer for Lineaje, a software supply chain security management company, said in an interview with FedScoop that he believes GSA’s June 8 start for the new guidance is “a really good thing for both the industry and government.”

The self-attestation requirements “will obviously add another step in the process, but it’s a very necessary step,” Mistry said. “Will there be a period of confusion where people don’t know exactly what’s required, both on the government side as well as industry side? But I think those things will just shake out over time. I think the net benefit is all positive.”

A GSA spokesperson said in an email to FedScoop that the agency “held multiple industry listening sessions before crafting our implementation of OMB memos M-22-18 and M-23-16. GSA took feedback from these sessions into consideration while also ensuring we met the deadlines in the OMB memoranda.”

The spokesperson noted that the agency “met the deadline for implementation to best support our customer agencies” and integrated the self-attestation form into its existing IT standards process to make attesting “as frictionless as possible” for the GSA’s vendors. 

The GSA is encouraging software vendors to create an account on the Cybersecurity and Infrastructure Security Agency’s repository website, the spokesperson added.

In March, CISA released the Secure Software Development Attestation Form, which required the companies that manufacture software used by the federal government to “attest to the adoption of secure development practices.” That form could either be submitted to a repository or emailed to the relevant agency. 

GSA noted in its May memorandum that while the agency already had a requirement for its IT department to “approve software before it could be acquired and used,” the OMB memo mandated that the department update “how it collects, reviews, retains and monitors industry attestation information.”
