Agencies shall inventory all software subject to the requirements of the memorandum.
Agency CIOs shall develop a consistent process to communicate relevant requirements in this memorandum to vendors, and ensure attestation letters are collected in one central agency system.
Agency CIOs shall assess training needs and develop training plans for the review and validation of software attestations and artifacts.
Agencies shall collect attestation letters for "critical software" subject to the requirements of this memorandum.
Agencies shall collect attestation letters for all software subject to the requirements of this memorandum.
Our new offering meets all NIST 800-218 requirements and is available on SEWP.
Watch this short video for an overview.
Our Software Supply Chain Security (SSCS) offering was developed in response to Executive Order 14028 to help Federal agencies meet the requirements and deadlines listed in the Office of Management & Budget (OMB) Memo 22-18.
The SSCS offering was created in accordance with the National Institute of Standards and Technology (NIST) Publication 800-218.
Learn more about OMB Memo 22-18 & EO 14028
How can Anglepoint help ensure that agencies comply with OMB’s requirements?
- Commercial: review of commercial software spend
- Inventory: review of deployments and usage (firmware, operating systems, applications, application services, and products containing software).
- Consolidate data into a streamlined single view of software providers and their products.
- Ownership: an assigned owner for each vendor.
- Executive presentation of data, including software volumes and key considerations.
Process & Training
- Design & lead stakeholder engagement sessions
- Process creation – objectives/success criteria, workflow, implementation plan
- Roles & responsibilities
- Policy Documentation
- Training — software attestations and relevant artifacts, exception process
- Contact vendors & gather data
- Create & track standardized communications
- Build a framework for tracking initial clarifications from vendors
- Including tracking compliance by vendor/product as it is achieved
The Software Supply Chain Security Offering, developed to meet NIST guidance, is available today on SEWP