Hello Everyone,

Just an FYI: the CISA Common Attestation Form is being revised to align more directly with NIST Guidelines for vulnerability reporting. The SBOM requirement was retained.

https://public-inspection.federalregister.gov/2023-25251.pdf?utm_campaign=pi+subscription+mailing+list&utm_medium=email&utm_source=federalregister.gov

"Added the citations to the appropriate NIST Guidance under "What is the Purpose of Filling out this form" to now read: "to issue guidance "identifying practices that enhance the security of the software supply chain." The NIST Secure Software Development Framework (SSDF), SP 800-218, and the NIST Software Supply Chain Security Guidance (these two documents, taken together, are hereinafter referred to as "NIST Guidance") include a set of practices that create the foundation for developing secure software."

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products>

Never trust software, always verify and report!™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788
