The form was announced March 11 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which developed the form with the Office of Management and Budget (OMB). The form identifies minimum secure software development requirements a software producer must meet and attest to meeting. Software requires attestation if it was developed after September 14, 2022. Software developed prior to this date requires attestation if it was modified by major version changes after September 14, 2022. Attestation also is required if the producer delivers constant changes to the code.
This article has been indexed from InfoWorld Security