Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
2024-08-14.md: U.S. Department of Energy
Showing 4 changed files with 80 additions and 2 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# U.S. Department of Energy | ||
|
||
OMB Control No. 1670-0052 | ||
Expires: 03/31/2027 | ||
|
||
Hello Haxx | ||
|
||
** The following communication contains important DOE Secure | ||
Software Development Attestation Submission instructions. | ||
Please read this communication in its entirety. ** | ||
|
||
The U.S. Department of Energy (DOE) has identified your | ||
company's software as affected by this request. The list of | ||
impacted software products and versions can be found below. | ||
|
||
DOE Request: | ||
|
||
In support of the Office of Management and Budget (OMB) | ||
requirement to collect attestations per M-22-18, please | ||
complete the U.S. Department of Energy Secure Software | ||
Development Attestation Form (DOE Common Form). If you are | ||
unable to attest to all secure software development | ||
framework (SSDF) practices, please be sure to attach your | ||
Plan of Action and Milestones (POA&M). The software listed | ||
below has been identified as being associated with your | ||
company and requires DOE to collect an attestation for the | ||
software. | ||
|
||
Product Name Version Number | ||
|
||
libcurl 8.3 | ||
|
||
The U.S. Department of Energy Secure Software Development | ||
Attestation Form (DOE Common Form) can be found at DOE F | ||
205.2 Secure Software Development Attestation Form | ||
(energy.gov). The DOE Common Form identifies the minimum | ||
secure software development requirements a Software Producer | ||
must meet, and attest to meeting, before software subject to | ||
the requirements of M-22-18 as updated by M-23-16, may be | ||
used by Federal agencies. This form is used by Software | ||
Producers to attest that the software they produce is | ||
developed in conformity with specified secure software | ||
development practices and standards. | ||
|
||
If you would like to submit your own attestation in lieu of | ||
completing the fillable PDF copy of the DOE Common Form, you | ||
may use one of the methods below: | ||
|
||
* Provide a completed PDF of the CISA Secure Software | ||
Development Attestation Form. | ||
|
||
* Provide a public facing URL to the company's publicly | ||
posted Secure Software Development Attestation Form in | ||
response to this email request. | ||
|
||
* Provide a completed PDF of the certified FedRAMP Third | ||
Party Assessor Organization (3PAO). A third-party | ||
assessment is acceptable in lieu of a self-attestation, if | ||
provided by either a certified FedRAMP Third Party | ||
Assessor Organization (3PAO) or one approved by the | ||
agency. The 3PAO used needs to utilize NIST Guidance as | ||
the assessment baseline. | ||
|
||
If you experience any issues or have any questions, please | ||
contact [email protected]. | ||
|
||
Regards, | ||
|
||
DOE OCIO C-SCRM Team | ||
|
||
## Blogged | ||
|
||
<https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/> | ||
|
||
## Links | ||
|
||
[<< prev](2024-08-07.md) | [up](../) | [next >> ](../) |
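Review bot: In the Links footer at the end of this new file, `[next >> ](../)` has the same target as `[up](../)` and has a stray space before the closing bracket, so "next" does not lead to a following entry. Point it at the next dated file once that exists, or leave the link out until then. Separately, the "Product Name Version Number" and "libcurl 8.3" lines are added as two plain paragraphs, so the column pairing is lost when the Markdown renders; a small table or an indented block would keep the product and version aligned. The quoted email also runs straight into the "## Blogged" section with nothing marking where the quoted text ends, so a blockquote or a horizontal rule after "DOE OCIO C-SCRM Team" would make the boundary clear.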