North American Energy Software Assurance Database (NAESAD) To Support Compliance with Upcoming Federal Software Security Requirements
Fortress Information Security released new software attestation capabilities to enable government agencies and government contractors to meet stringent software security mandates expected in early 2024. With improved capabilities for Software Supply Chain Security (SSCS), Fortress’ newest offering helps public sector supply chains become more secure and resilient.
New federal mandates require all federal vendors and contractors to complete an attestation form for software products they sell to federal agencies. Attestations assure that software used by government agencies is securely developed according to the National Institute of Science and Technology’s (NIST) Secure Software Development Framework (SSDF).
“Once OMB approves the attestation form, federal agencies will have to move very quickly to meet the requirements in the President’s Cybersecurity Strategy,” said Ty Short, Vice President of Product. “Contractors will need to be ready to hit the ground running. By providing users with the most comprehensive, secure software development testing record, our attestation product reduces regulatory burdens for government agencies and contractors. Additionally, users will see cost savings thanks to the ability to collaborate on attestations, certifications, and Plan of Action & Milestones.”
The push for attestations is a part of the President’s Cybersecurity Strategy and a result of the SolarWinds supply chain hack of 2021, which many believe was launched by the Russian Intelligence Service. New research by Fortress shows that developers in Russia and China are building components frequently found in repositories like GitHub and in software commonly used by America’s electric companies.
Key features and capabilities of the Fortress attestation offering include:
- Software version tracking to initiate attestation updates as new major software versions are released
- Single interface to track compliance, remediation efforts, and exception management
- Designation of critical software
- Vendor outreach to ensure attestation response
- Unification of existing tools with Fortress Platform API and connectors
Fortress’ outreach to suppliers for Secure Software Development (SSD) attestations is executed through the North American Energy Software Assurance Database (NAESAD). NAESAD enables the sharing of attestations at scale with all federal customers, simplifying the response process and speeding up response times.
“Federal agencies can create a more integrated, secure, and efficient software development ecosystem that aligns with their strategic goals,” said Short. “Fortress guides our clients through product discovery, attestation collection, triaging non-compliance, escalations, and replacement tracking, as well as continuous monitoring for new software versions to ensure attestations are up to date and accurate. This solution is absolutely critical to helping federal agencies, vendors, and contractors meet new attestation requirements.”