A cybersecurity rule coming later this year on federal software purchases has elicited objections from agency contracting offices and vendors.
The rule will require agencies to obtain “self-attestation letters” from software vendors declaring a product adheres to National Institute of Standards and Technology guidance.
Joanne Woytek, NASA program manager for the governmentwide acquisition contract known as SEWP, said the impetus behind the rule is “admirable” but it needs to be made “scalable and doable.”
Federal Acquisition Regulation officials are still considering the proposed rule, but the General Services Administration said it will start collecting attestations by mid-June.
GSA is in ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.