On June 1, NIST and OMB will host a workshop to discuss next steps for implementation of M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, the intended impact on the security of the Federal enterprise, CISA’s self-attestation common form, and the initial minimum requirements contained therein.
Attendees are encouraged to submit their questions in advance to ofcio [at] omb.eop.gov by May 26.
Please note that the recording for this workshop will NOT be posted after the event. Those who wish to participate are encouraged to join the live event.
Workshop Goals:
11:00am - 1:00pm ET
Moderator: Kevin Stine, Chief, Applied Cybersecurity Division, NIST
| Start Time | End | Speakers | Session Information |
|---|---|---|---|
| 11:00am | 11:45am | Kevin Stine (moderator) Speakers: | Secure Software: From EO 14028 to Self-Attestation. Based on EO 14028, M-22-18 outlined OMB’s role in the identification of minimum elements from SP 800-218 to which software producers must attest. This panel will address the intent of this effort, the requirements put forward for agencies, and the development of minimum elements to which software producers must attest and submit to agencies. We will also discuss the circumstances and scope of software to which minimum elements apply and when they do not. |
| 11:45am | 12:00pm | | Break |
| 12:00pm | 1:00pm | Speakers: | Next Steps and Common Questions. M-22-18 contemplates the use of a self-attestation common form that agencies are encouraged to leverage to satisfy M-22-18 required actions. M-22-18 also speaks to the establishment of a government-wide repository for attestations and artifacts, the utilization of third-party assessor organizations such as FedRAMP, among other items. Speakers will address the expected process for satisfying M-22-18 requirements, the process by which agencies are expected to fulfill M-22-18 requirements, and provide an update on CISA’s self-attestation common form. Speakers will also answer questions received in advance of the workshop in this session. |
| 1:00pm | | | Adjourn |