NITAAC is committed to ensuring our contract holders can successfully respond to the Office of Management and Budget (OMB) directives on software attestation and enhancing the security of the software supply chain (M-22-18 and M-23-16). NITAAC supports the use of the CISA common form and encourages all our contract holders to adhere to the deadlines outlined by the OMB. 

Starting three months after the release of the final version of the common form, NITAAC agency customers may request copies of the completed self-attestation common form upon issuance of the Request for Quotes (RFQ) or the Request for Proposals (RFP) for items determined to be secure software in accordance with the dates stated in M-23-16. Additionally, within six months of release of the final common form by CISA, software self-attestation will be required by software providers for software fitting the description in the memorandums. NITAAC agency customers will have the option to request a copy of the CISA self-attestation common form with their solicitation(s).  

As more information is provided, NITAAC will be sure to keep you apprised of any changes in the timeline or other deliverables that will have a direct impact on your businesses.