I am interested. Also I would like to know if anyone else has any interest in ensuring attestation standards have space to enable cryptographic agility or move towards self attesting addresses?
On Sat, Apr 29, 2023 at 9:34 AM Dick Brooks < [email protected]> wrote: > FYI: I’m envisioning a similar process to what was used by the SBOM > Special Internet Group (SBOM SIG), contained in this filing to NIST: > > > https://www.nist.gov/document/responses-enhancing-software-supply-chain-security-sbom > > > > Thanks, > > > > Dick Brooks > > > > *Active Member of the CISA Critical Manufacturing Sector, * > > *Sector Coordinating Council – A Public-Private Partnership* > > > > *Never trust software, always verify and report! > <https://reliableenergyanalytics.com/products>* ™ > > http://www.reliableenergyanalytics.com > > Email: [email protected] > > Tel: +1 978-696-1788 > > > > *From:* Dick Brooks <[email protected]> > *Sent:* Saturday, April 29, 2023 9:21 AM > *To:* '[email protected]' <[email protected]>; '[email protected]' < > [email protected]> > *Subject:* CISA's proposed attestation form is now available and they are > seeking comments > > > > Hello Everyone, > > > > CISA is seeking comments on their proposed self-attestation form for OMB > M-22-18 and EO 14028. > > > > Is there any interest in doing a joint comment filing to CISA? Please > respond to this email if interested in a collaborative, joint response to > CISA. > > I’ll be happy to facilitate the response. > > information has recently been updated and is now available. > > *CISA Requests for Comment on Secure Software Self-Attestation Form > <https://www.cisa.gov/news-events/alerts/2023/04/28/cisa-requests-comment-secure-software-self-attestation-form>* > > *04/28/2023 02:00 PM EDT* > > CISA has issued requests for comment on the Secure Software > Self-Attestation Form > <https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf>. > CISA, in coordination with the Office of Budget and Management (OMB), > released proposed guidance on secure software. This guidance seeks to > secure software leveraged by the federal government. CISA expects agencies > to use this proposed form to reduce the risk to the federal environment, > thereby implementing a standardized process for agencies and software > producers that will create transparency on the security of software > development efforts. > > Visit CISA.gov/secure-software-attestation-form > <https://www.cisa.gov/secure-software-attestation-form> for more > information and to review the document. The comment period is open until > June 26, 2023. CISA is specifically requesting insight on the feasibility, > clarity, and usefulness of the document. To submit a comment, click the > comment box at the top of Regulations.gov > <https://www.regulations.gov/document/CISA-2023-0001-0001>. > > Thanks, > > > > Dick Brooks > > > > *Active Member of the CISA Critical Manufacturing Sector, * > > *Sector Coordinating Council – A Public-Private Partnership* > > > > *Never trust software, always verify and report! > <https://reliableenergyanalytics.com/products>* ™ > > http://www.reliableenergyanalytics.com > > Email: [email protected] > > Tel: +1 978-696-1788 > > > > > -- Prof. L. Jean Camp http://www.ljean.com Research Gate: https://www.researchgate.net/profile/L_Camp DBLP: http://dblp.uni-trier.de/pers/hd/c/Camp:L=_Jean SSRN: https://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=262477 Scholar: https://scholar.google.com/citations?user=wJPGa2IAAAAJ <https://scholar.google.com/citations?user=wJPGa2IAAAAJ&hl=en&oi=ao> Make a Difference http://www.ieeeusa.org/policy/govfel/congfel.asp -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1685): https://lists.spdx.org/g/spdx/message/1685 Mute This Topic: https://lists.spdx.org/mt/98576773/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
