Newest Software Cybersecurity Rule Draws Jeers from Agencies

A cybersecurity rule coming later this year on federal software purchases has elicited objections from agency contracting offices and vendors.

The rule will require agencies to obtain “self-attestation letters” from software vendors declaring a product adheres to National Institute of Standards and Technology guidance.

Joanne Woytek, NASA program manager for the governmentwide acquisition contract known as SEWP, said the impetus behind the rule is “admirable” but it needs to be made “scalable and doable.”

Federal Acquisition Regulation officials are still considering the proposed rule, but the General Services Administration said it will start collecting attestations by mid-June.

GSA is in ...