“The Office of Management and Budget plans on releasing new secure software guidance for agencies within the next eight to 12 weeks, according to Chris DeRusha, federal chief information security officer. The guidance is based on a “Secure Software Development Framework” (SSDF), as well as “Software Supply Chain Security Guidance” released by the National Institute of Standards and Technology in February. ‘This is about incenting the vendor communities that are serving and selling to the U.S. government to start adopting this framework, and specifically secure development practices,’ DeRusha said during a March 23 workshop hosted by NIST. ‘That means a culture change in agencies and means a culture change in some of the vendor organizations themselves.’...”

“OMB is working in parallel with the Department of Homeland Security, which was tasked under the cybersecurity executive order to deliver recommendations to the Federal Acquisition Regulation Council on contract language that would require companies to comply with and attest to secure development practices. Those recommendations are due on the executive order’s first anniversary on May 12. ‘We’re driving fast, and we’re working also to align with the DHS recommendations,’ DeRusha said...”

“NIST’s framework describes ‘a set of fundamental, sound practices for secure software development.’ A key question for companies is to what extent agencies will require them to prove out the security of their software through a process called ‘attestation.’...”

Read the full article here.

Source: White House ‘driving fast’ to issue software security guidance for agencies – By Justin Doubleday, March 24, 2022. Federal News Network.
Federal News Network: White House ‘driving fast’ to issue software security guidance for agencies
By Jackie Gilbert
March 28, 2022