The Executive Office of the President Extends Deadline for the Collection of Software Security Attestation Forms

The Office of Management and Budget (OMB) has extended the deadline for collecting software security attestation forms, allowing more time for businesses to comply with new Secure Software Development Framework (SSDF) requirements using now-available solutions such as CodeLock®.

Ashburn, VA, June 14, 2023 -- The Office of Management and Budget (OMB) has announced an extension to the deadline for collecting software security attestation forms from contractors. The decision comes as part of the White House’s commitment to ensuring the use of securely developed software by federal agencies.

The OMB's memo extended the original deadline of June 12 by six months, thereby allowing agencies more time to ensure software vendors have taken the appropriate steps to prepare and provide necessary software security attestation forms. These forms require software producers serving the government to confirm the implementation of specific security practices and play a crucial role in ensuring all software products are safe and secure by design.

CISA, the Cybersecurity and Infrastructure Security Agency, has been actively involved in developing the self-attestation form in consultation with the OMB. The form is based on practices outlined in the National Institute of Standards and Technology's Secure Software Development Framework (SSDF).

Gartner, a renowned research and advisory company, has recommended CodeLock® in their report titled "How to Select DevSecOps Tools for Secure Software Delivery."

To further support agencies in providing comprehensive attestation reports, CodeLock® has secured a contract from the Virginia Innovation Partnership Corporation (VIPC). Through the CodeLock® platform, agencies can generate attestation reports with detailed artifacts and evidence.

The advancements made by CodeLock® have positioned the company as a leader in implementing the OMB requirements, which mandate the use of software compliant with government-specified secure software development practices.

The OMB's memo also provides clarification on the collection of attestations. It emphasizes that the producer of the software end product used by an agency is best positioned to ensure its security. Therefore, attestations must be collected from the producer, serving as an affirmative statement that they follow the secure software development minimum requirements outlined in the common form.

The memo specifies that agency-developed software falls outside the scope of the attestation requirements. However, contracting agencies must still ensure that software developed under a federal contract adheres to the Secure Software Development Framework (SSDF) established by the National Institute of Standards and Technology (NIST).

To learn more about CodeLock® and how their solutions can assist agencies in meeting the OMB deadline, please visit:

About OMB: The Office of Management and Budget (OMB) is a federal agency responsible for overseeing policies, regulations, and directives related to budget, management, and information technology across various government agencies.
Jake West