JUN 28, 2023 | US
BSA Urges CISA to Use Common Self-Attestation Form for Software to Satisfy ‘Safe Harbor’ Liability Protection
Inside Cybersecurity, June 28, 2023
By Sara Friedman
BSA | The Software Alliance advocates for the federal government to use the self-attestation form for secure software development from CISA and the OMB as an acceptable way to satisfy the national cyber strategy’s proposal for establishing liability protections and a “safe harbor” in its comments.
“It makes sense that a software producer that is certified under FedRAMP would be exempt from submitting an attestation form, as the SSDF practices and tasks reflected in the attestation form reference the security controls in NIST SP 800-53, a central element of FedRAMP. However, the attestation requirements do not necessarily always perfectly align with FedRAMP requirements,” according to BSA.
BSA argues that CISA should clarify that the certification from a 3PAO would meet the attestation form requirement even when a software producer’s FedRAMP certification doesn’t “perfectly align with the requirements of attestation.”
Original Posting: https://insidecybersecurity.com/share/14802
ABOUT BSA
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.