emails

U.S. Department of Energy

OMB Control No. 1670-0052
Expires: 03/31/2027

Hello Haxx

** The following communication contains important DOE Secure
Software Development Attestation Submission instructions.
Please read this communication in its entirety. **

The U.S. Department of Energy (DOE) has identified your
company's software as affected by this request. The list of
impacted software products and versions can be found below.

DOE Request:

In support of the Office of Management and Budget (OMB)
requirement to collect attestations per M-22-18, please
complete the U.S. Department of Energy Secure Software
Development Attestation Form (DOE Common Form). If you are
unable to attest to all secure software development
framework (SSDF) practices, please be sure to attach your
Plan of Action and Milestones (POA&M). The software listed
below has been identified as being associated with your
company and requires DOE to collect an attestation for the
software.

Product Name      Version Number

libcurl           8.3

The U.S. Department of Energy Secure Software Development
Attestation Form (DOE Common Form) can be found at DOE F
205.2 Secure Software Development Attestation Form
(energy.gov). The DOE Common Form identifies the minimum
secure software development requirements a Software Producer
must meet, and attest to meeting, before software subject to
the requirements of M-22-18 as updated by M-23-16, may be
used by Federal agencies. This form is used by Software
Producers to attest that the software they produce is
developed in conformity with specified secure software
development practices and standards.

If you would like to submit your own attestation in lieu of
completing the fillable PDF copy of the DOE Common Form, you
may use one of the methods below:

* Provide a completed PDF of the CISA Secure Software
  Development Attestation Form.

* Provide a public facing URL to the company's publicly
  posted Secure Software Development Attestation Form in
  response to this email request.

* Provide a completed PDF of the certified FedRAMP Third
  Party Assessor Organization (3PAO). A third-party
  assessment is acceptable in lieu of a self-attestation, if
  provided by either a certified FedRAMP Third Party
  Assessor Organization (3PAO) or one approved by the
  agency. The 3PAO used needs to utilize NIST Guidance as
  the assessment baseline.

If you experience any issues or have any questions, please
contact doe.attestation@hq.doe.gov.

Regards,

DOE OCIO C-SCRM Team

Blogged

https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/
