2024-08-14.md: U.S. Department of Energy

2009/2009-03-21.md

@@ -12,4 +12,4 @@
 
 ## Links
 
-[<< prev](../2024/2024-08-07.md) | [up](../) | [next >> ](../2010/2010-12-23.md)
+[<< prev](../2024/2024-08-14.md) | [up](../) | [next >> ](../2010/2010-12-23.md)

2024/2024-08-07.md

@@ -23,4 +23,4 @@
 
 ## Links
 
-[<< prev](2024-06-03.md) | [up](../) | [next >> ](../)
+[<< prev](2024-06-03.md) | [up](../) | [next >> ](2024-08-14.md)

2024/2024-08-14.md

@@ -0,0 +1,77 @@
+# U.S. Department of Energy
+
+    OMB Control No. 1670-0052
+    Expires: 03/31/2027
+
+    Hello Haxx
+
+    ** The following communication contains important DOE Secure
+    Software Development Attestation Submission instructions.
+    Please read this communication in its entirety. **
+
+    The U.S. Department of Energy (DOE) has identified your
+    company's software as affected by this request. The list of
+    impacted software products and versions can be found below.
+
+    DOE Request:
+
+    In support of the Office of Management and Budget (OMB)
+    requirement to collect attestations per M-22-18, please
+    complete the U.S. Department of Energy Secure Software
+    Development Attestation Form (DOE Common Form). If you are
+    unable to attest to all secure software development
+    framework (SSDF) practices, please be sure to attach your
+    Plan of Action and Milestones (POA&M). The software listed
+    below has been identified as being associated with your
+    company and requires DOE to collect an attestation for the
+    software.
+
+    Product Name      Version Number
+
+    libcurl           8.3
+
+    The U.S. Department of Energy Secure Software Development
+    Attestation Form (DOE Common Form) can be found at DOE F
+    205.2 Secure Software Development Attestation Form
+    (energy.gov). The DOE Common Form identifies the minimum
+    secure software development requirements a Software Producer
+    must meet, and attest to meeting, before software subject to
+    the requirements of M-22-18 as updated by M-23-16, may be
+    used by Federal agencies. This form is used by Software
+    Producers to attest that the software they produce is
+    developed in conformity with specified secure software
+    development practices and standards.
+
+    If you would like to submit your own attestation in lieu of
+    completing the fillable PDF copy of the DOE Common Form, you
+    may use one of the methods below:
+
+    * Provide a completed PDF of the CISA Secure Software
+      Development Attestation Form.
+
+    * Provide a public facing URL to the company's publicly
+      posted Secure Software Development Attestation Form in
+      response to this email request.
+
+    * Provide a completed PDF of the certified FedRAMP Third
+      Party Assessor Organization (3PAO). A third-party
+      assessment is acceptable in lieu of a self-attestation, if
+      provided by either a certified FedRAMP Third Party
+      Assessor Organization (3PAO) or one approved by the
+      agency. The 3PAO used needs to utilize NIST Guidance as
+      the assessment baseline.
+
+    If you experience any issues or have any questions, please
+    contact [email protected].
+
+    Regards,
+
+    DOE OCIO C-SCRM Team
+
+## Blogged
+
+<https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/>
+
+## Links
+
+[<< prev](2024-08-07.md) | [up](../) | [next >> ](../)

list.md

@@ -86,5 +86,6 @@ This is the full index of the emails in the collection.
 |80|[the most advanced toolkit in the world](2024/2024-05-20.md)|2024-05-20|
 |81|[Rainbow 6 Siege Activation issue](2024/2024-06-03.md)|2024-06-03|
 |82|[Question regarding you hacking my webserver?](2024/2024-08-07.md)|2024-08-07|
+|83|[U.S. Department of Energy](2024/2024-08-14.md)|2024-08-14|
 
 [back to main page](../)