Workshop to Inform Implementation Guidance for Federal Procurement of Secure Software

On March 23, 2022, the National Institute of Standards and Technology (NIST) will host a virtual workshop on behalf of the Office of Management and Budget (OMB). OMB is interested in obtaining feedback from stakeholders to inform future implementation guidance for federal procurement of secure software.

The Executive Order (EO) on Improving the Nation’s Cybersecurity exemplifies the importance of secure software purchased by the Federal Government by directing the National Institute of Standards and Technology (NIST) to “issue guidance identifying practices that enhance the security of the software supply chain.” On February 4, 2022, NIST issued the Secure Software Development Framework (SSDF) Version 1.1 and additional guidance to meet the requirement. The EO also directs the Office of Management and Budget (OMB) to “take appropriate steps to require that agencies comply with such guidelines with respect to software procured.”

The purpose of this workshop is to inform future implementation guidance. OMB is requesting responses of no more than five pages to a set of questions attached to this announcement. Responses should be sent to OFCIO [at] omb.eop.gov no later than 5:00pm ET on March 18, 2022.

Implementation questions (PDF)

Agenda

All times below are listed in Eastern Time (UTC-4)

1:00 – 1:10

Welcome and Logistics

Kevin Stine, NIST

1:10 – 1:20

Opening Remarks

Chris Inglis, National Cyber Director

1:20 – 1:30

Workshop Objectives

Chris DeRusha, OMB Federal Chief Information Security Officer and Deputy National Cyber Director

1:30 – 1:40

Executive Order 14028, Section 4e Guidance

Kevin Stine, NIST

1:40 – 1:45

Break

1:45 – 3:00

Panel 1: Industry Perspectives

Moderator: Dr. Allan Friedman, CISA

Panelists:

  • Jeanette Manfra, Google
  • Sharon Chand, Deloitte
  • Henry Young, BSA
  • Chris Halterman, EY

3:00 – 3:15

Break

3:15 – 4:30

Panel 2: Government Perspectives

Moderator: Grant Schneider, Venable LLP

Panelists:

  • Rosa Underwood, GSA
  • Stacy Bostjanick, DOD/CMMC
  • Lisa Carnahan, NIST
  • Ken Bible, DHS CISO

4:30 – 4:45

Closing and Next Steps

Chris DeRusha, OMB Federal Chief Information Security Officer and Deputy National Cyber Director

Created March 4, 2022, Updated March 17, 2023