Two large defense contractor associations see a disconnect between the Cybersecurity and Infrastructure Security Agency's draft common form for self-attesting the security of software from contractors and the document behind the upcoming new policy, the NIST Secure Software Development Framework. CISA released a draft of the common form for comment in April. It's intended to make federal contractors raise the bar for the security of their software by making them self-attest their compliance with the SSDF. However, the two defense...
