In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices

Released

By: Chris DeRusha, Federal CISO and Deputy National Cyber Director &
Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA)

Today, in an effort to ensure a safe and secure digital ecosystem for all Americans, the Biden-Harris Administration approved a secure software development attestation form, taking a major step in the implementation of its requirement that producers of software used by the Federal Government attest to the adoption of secure development practices.

Software underpins nearly every service our government delivers on behalf of the American people. Since Day One, the Biden-Harris Administration has recognized the importance of fostering a diverse and strong federal technology marketplace, while reducing cybersecurity risks. The President took decisive action in issuing Executive Order 14028, Improving the Nation’s Cybersecurity, following a sophisticated supply chain attack that allowed foreign adversaries to compromise the systems of thousands of customers who use SolarWinds. The Executive Order initiated a transformation of Federal cybersecurity policy and practice in order to better protect the networks and infrastructure that Americans depend on.

The Biden-Harris Administration continues to build on that foundation with the release of the secure software development attestation form — a critical step towards ensuring software producers who work with Government provide securely developed products.

This action also furthers the President’s National Cybersecurity Strategy, which made clear that the “most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem.” By ensuring our Government uses software products from software producers that leverage best practices for secure development, we not only strengthen the security of the Federal Government, but drive improvements for customers across the globe. We envision a software ecosystem where our partners in state and local government, as well as in the private sector, also seek these assurances and leverage software that is built to be secure by design.

Today’s release of the secure software development attestation form reinforces secure-by-design principles advanced by CISA, Federal government partners, and international allies:

  • Take ownership of security outcomes so the burden of security does not fall solely on the customer.
  • Embrace radical transparency and accountability.
  • Build organizational structure and leadership to achieve these goals.

By using software from producers that use sound secure development practices, the Federal Government not only protects its vital information systems, but also helps ensure that the Government runs on software made by companies that prioritize and focus on these critical practices. Through continued collaborative efforts by both the Federal Government and the private sector, we will foster a more secure cyberspace.