In May 2021, the White House issued the Executive Order on Improving the Nation's Cybersecurity (EO14028), further operationally clarified by OMB Memorandum M-23-16, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. These directives aimed to strengthen the cyber operational resilience of US Federal agencies by improving cybersecurity standards, public/private information sharing, and software supply chain security. Pursuant to the orders, the National Institute of Standards and Technology (NIST) published NIST Special Publication 800-218 and the NIST Software Supply Chain Security Guidance (collectively the NIST Secure Software Development Framework, or NIST SSDF) providing best practice guidance.
As part of these directives, US Federal agencies are obligated to obtain attestations from software producers detailing the producer's alignment with government guidance. To streamline the attestation process, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) have produced a common attestation form detailing the required minimum secure development practices.
Rockwell Automation is proud to be a supplier to the US Government and its prime contractors. In support of the relationships and trust built over many years, we embrace the opportunity to attest to the secure software development practices we use to develop our software and firmware products.
Click here to complete a Secure Software Development Attestation request.