Ravi Nayyar on Nostr: M-23-16 from OMB has dropped, folks! 'This memorandum reinforces the requirements ...
M-23-16 from OMB has dropped, folks!
'This memorandum reinforces the requirements established in M-22-18, reaffirms the importance of secure software development practices, and extends the timelines for agencies to collect attestations from software producers. Additionally, this memorandum provides supplemental guidance on the scope of M-22-18’s requirements and on agencies’ use of Plan of Actions and Milestones (POA&Ms) when a software producer cannot provide the required attestation, but plans to do so. To the extent any provision of this memorandum may be read to conflict with any provision of M-22-18, this memorandum is controlling'.
PDF: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf
'This memorandum reinforces the requirements established in M-22-18, reaffirms the importance of secure software development practices, and extends the timelines for agencies to collect attestations from software producers. Additionally, this memorandum provides supplemental guidance on the scope of M-22-18’s requirements and on agencies’ use of Plan of Actions and Milestones (POA&Ms) when a software producer cannot provide the required attestation, but plans to do so. To the extent any provision of this memorandum may be read to conflict with any provision of M-22-18, this memorandum is controlling'.
PDF: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf