Priya Patel
TLDR:
- Many software companies failed to meet the CISA’s Software Development Attestation Form deadline set for June 11, 2024.
- Survey results show that budget and staff restrictions, as well as a lack of awareness of requirements, contributed to non-compliance.
Time has run out for software companies to meet the CISA’s Software Development Attestation Form deadline as of June 11. A survey conducted by Lineaje revealed that a majority of software contractors were not prepared to comply with cybersecurity standards, including the implementation of Software Bills of Materials required by Executive Order 14028 in May 2021. The lack of compliance was attributed to budget constraints, staffing issues, and limited awareness of the requirements.
The Software Development Attestation Form, part of the presidential order, serves as a way for software producers to affirm their adherence to guidelines for securing networks when selling to the federal government. Failure to comply can have serious implications, as seen in the case of the SolarWinds incident in 2020, which highlighted the vulnerabilities in software supply chains. Despite the importance of these security protocols, a significant percentage of organizations were unaware of the executive order and its specific requirements.
The survey results emphasized the need for increased awareness and immediate action to enhance cybersecurity posture. While the executive order does not carry the force of law, compliance is incentivized for companies wishing to do business with the federal government. As agencies work on rules to enforce compliance, software vendors and cybersecurity professionals need to educate themselves and ensure they meet upcoming deadlines to protect their organizations and contribute to national cybersecurity efforts.
