New Requirement for Software Deliverables to Comply with NIST 800-218

By Skyler Handl, Corporate Counsel, Public Sector

On September 14, 2022, OMB took a substantial step forward in implementing EO 14028, Improving the Nation’s Cybersecurity, by issuing memorandum M-22-18. This memorandum requires agency leaders to comply with the NIST Secure Software Development Framework (SSDF), SP 800-218, and the NIST Software Supply Chain Security Guidance with regard to third-party software in agency information systems. This applies to software developed or modified by major changes after September 14, 2022, regardless of whether the software is a commercial product or COTS item.

How does this impact your business?


The Cybersecurity Executive Order: What’s coming and where are the opportunities?

By Davis Johnson, VP & General Manager

Private sector companies have a considerable amount of work to do to comply with the recent Presidential Executive Order on Improving the Nation’s Cybersecurity. Existing contracts must be scrutinized to reduce the trend of serious cyberattacks across government and industry alike.

It’s clear that the order puts the onus on the vendor community. It reads, in part, “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

The order further recommends standardizing common cybersecurity contractual requirements across agencies, to “streamline and improve compliance for vendors and the Federal Government.”

Beyond the contract implications, vendors can expect more attention from the government in several key technology areas, which will spark greater demand and more funding. Here are just a few:

Cyber Vulnerability and Incident Detection

Agencies are required to establish a Memorandum of Agreement with CISA for Continuous Diagnostics and Mitigation. CISA is required to report quarterly to OMB and the National Security Advisor on implementation of threat-hunting practices. Vendors can expect more contact with agencies as these reports and documents are being prepared.
