The White House recently urged federal agencies to implement guidance on software supply chain security under the May 2021 cybersecurity executive order.
This means that government buyers have to start adopting the Secure Software Development Framework from the National Institute of Standards and Technology. In doing so, they are required to obtain attestations confirming that software products conform to certain development best practices, in order to ensure a secure software supply chain.
The framework aims to secure federal agencies' IT systems and procured software. To do so, vendors will engage more with the private sector in order to best implement this requirement before asking agencies to require an attestation. The requirements now extend to new acquisitions and legacy software that need to be renewed.