JUN 28, 2023 | US
BSA Urges CISA to Use Common Self-Attestation Form for Software to Satisfy ‘Safe Harbor’ Liability Protection
Inside Cybersecurity, June 28, 2023
By Sara Friedman
BSA | The Software Alliance advocates for the federal government to use the self-attestation form for secure software development from CISA and the OMB as an acceptable way to satisfy the national cyber strategy’s proposal for establishing liability protections and a “safe harbor” in its comments.
“It makes sense that a software producer that is certified under FedRAMP would be exempt from submitting an attestation form, as the SSDF practices and tasks reflected in the attestation form reference the security controls in NIST SP 800-53, a central element of FedRAMP. However, the attestation requirements do not necessarily always perfectly align with FedRAMP requirements,” according to BSA.
BSA argues that CISA should clarify that the certification from a 3PAO would meet the attestation form requirement even when a software producer’s FedRAMP certification doesn’t “perfectly align with the requirements of attestation.”
Original Posting: https://insidecybersecurity.com/share/14802
ACERCA DE BSA
El Business Software Alliance (www.bsa.org) es el principal defensor de la industria global del software ante los gobiernos y en el mercado internacional. Sus miembros se encuentran entre las compañías más innovadoras del mundo, creando soluciones de software que impulsan la economía y mejoran la vida moderna.