The 2023 Gartner® Magic Quadrant for SAM Managed Services is now available. Get the Report

Meet the requirements and deadlines of OMB M-22-18

Compliance Timeline

Agencies shall inventory all software subject to the requirements of the memorandum.

Agency CIOs shall develop a consistent process to communicate relevant requirements in this memorandum to vendors, and ensure attestation letters are collected in one central agency system.

Agency CIOs shall assess training needs and develop training plans for the review and validation of software attestations and artifacts.

Agencies shall collect attestation letters for "critical software" subject to the requirements of this memorandum.

Agencies shall collect attestation letters for all software subject to the requirements of this memorandum.

Our new offering meets all NIST 800-218 requirements and is available on SEWP.

Watch this short video for an overview.

Our Software Supply Chain Security (SSCS) offering was developed in response to Executive Order 14028 to help Federal agencies meet the requirements and deadlines listed in the Office of Management & Budget (OMB) Memo 22-18.

The SSCS offering was created in accordance with the National Institute of Standards and Technology (NIST) Publication 800-218.

How can Anglepoint help ensure that agencies comply with OMB’s requirements?


Gather Data

  • Commercial: review of commercial software spend
  • Inventory: review of deployments and usage (firmware, operating systems, applications, application services, and products containing software).

Normalize data

  • Consolidate data into a streamlined single view of software providers and their products.
  • Ownership: an assigned owner for each vendor.


  • Executive presentation of data, including software volumes and key considerations.

Process & Training

  • Design & lead stakeholder engagement sessions
  • Define
    • Process creation – objectives/success criteria, workflow, implementation plan
    • Roles & responsibilities
    • Policy Documentation
    • Training — software attestations and relevant artifacts, exception process

Validate Self-Attestation

  • Contact vendors & gather data
  • Create & track standardized communications
  • Build a framework for tracking initial clarifications from vendors
    • Including tracking compliance by vendor/product as it is achieved

The Software Supply Chain Security Offering, developed to meet NIST guidance, is available today on SEWP

Learn more about our other Public Sector Services.