A cybersecurity rule coming later this year on federal software purchases has elicited objections from agency contracting offices and vendors.
The rule will require agencies to obtain “self-attestation letters” from software vendors declaring a product adheres to National Institute of Standards and Technology guidance.
Joanne Woytek, NASA program manager for the governmentwide acquisition contract known as SEWP, said the impetus behind the rule is “admirable” but it needs to be made “scalable and doable.”
Federal Acquisition Regulation officials are still considering the proposed rule, but the General Services Administration said it will start collecting attestations by mid-June.
GSA is in ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.