JUN 28, 2023 | US
BSA Urges CISA to Use Common Self-Attestation Form for Software to Satisfy ‘Safe Harbor’ Liability Protection
Inside Cybersecurity, June 28, 2023
By Sara Friedman
BSA | The Software Alliance advocates for the federal government to use the self-attestation form for secure software development from CISA and the OMB as an acceptable way to satisfy the national cyber strategy’s proposal for establishing liability protections and a “safe harbor” in its comments.
“It makes sense that a software producer that is certified under FedRAMP would be exempt from submitting an attestation form, as the SSDF practices and tasks reflected in the attestation form reference the security controls in NIST SP 800-53, a central element of FedRAMP. However, the attestation requirements do not necessarily always perfectly align with FedRAMP requirements,” according to BSA.
BSA argues that CISA should clarify that the certification from a 3PAO would meet the attestation form requirement even when a software producer’s FedRAMP certification doesn’t “perfectly align with the requirements of attestation.”
Original Posting: https://insidecybersecurity.com/share/14802
SOBRE A BSA
A BSA | The Software Alliance (www.bsa.org) é a principal defensora do setor global de software perante governos e no mercado internacional. Seus membros estão entre as empresas mais inovadoras do mundo, criando soluções de software que estimulam a economia e melhoram a vida moderna.
Com sede em Washington, DC e operações em mais de 30 países, a BSA promove programas de conformidade que promovem o uso legal de software e defendem políticas públicas que promovem a inovação tecnológica e o crescimento da economia digital.