United States of America: Entry into force of OMB order requiring Federal agencies to collect in a centralised system cybersecurity attestation from software vendors

On 11 June 2023, the requirement obliging federal agencies to collect in a centralised system cybersecurity attestation letters outlined in the Office of Management and Budget (OMB) Memorandum "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices" comes into force. The Memorandum requires every federal agency to comply with National Institute of Standards and Technology (NIST) guidance when using third-party software. The software that fall under the guidance includes firmware, operating systems, cloud-based software, applications and application services. The Memorandum lists the steps each agency must take to ensure its compliance with secure software development practices, such as obtaining a self-attestation from the software producer for all third-party software used by the agency and obtaining certificates that demonstrate conformance with secure software development practices. In the absence of the self-attestation and certificate, the private entities will not be able to participate in any public tendering or be granted a public procurement.