JUN 28, 2023 | US
BSA Urges CISA to Use Common Self-Attestation Form for Software to Satisfy ‘Safe Harbor’ Liability Protection
Inside Cybersecurity, June 28, 2023
By Sara Friedman
BSA | The Software Alliance advocates for the federal government to use the self-attestation form for secure software development from CISA and the OMB as an acceptable way to satisfy the national cyber strategy’s proposal for establishing liability protections and a “safe harbor” in its comments.
“It makes sense that a software producer that is certified under FedRAMP would be exempt from submitting an attestation form, as the SSDF practices and tasks reflected in the attestation form reference the security controls in NIST SP 800-53, a central element of FedRAMP. However, the attestation requirements do not necessarily always perfectly align with FedRAMP requirements,” according to BSA.
BSA argues that CISA should clarify that the certification from a 3PAO would meet the attestation form requirement even when a software producer’s FedRAMP certification doesn’t “perfectly align with the requirements of attestation.”
Original Posting: https://insidecybersecurity.com/share/14802
À PROPOS DE BSA
Le Business Software Alliance (www.bsa.org) est le principal organisme de défense et de promotion de l’industrie du logiciel auprès des administrations gouvernementales et sur le marché international. Ses membres comptent parmi les entreprises les plus innovantes au monde, à l’origine de solutions logicielles qui stimulent l’économie et améliorent la vie moderne.