Notice regarding Executive Order 14028, Improving the Nation's Cybersecurity

expired opportunity(Expired)
From: Federal Government(Federal)

Basic Details

started - 07 Mar, 2023 (13 months ago)

Start Date

07 Mar, 2023 (13 months ago)
due - 09 Mar, 2024 (1 month ago)

Due Date

09 Mar, 2024 (1 month ago)
Bid Notification

Type

Bid Notification

Identifier

N/A
VETERANS AFFAIRS, DEPARTMENT OF

Customer / Agency

VETERANS AFFAIRS, DEPARTMENT OF (102731)VETERANS AFFAIRS, DEPARTMENT OF (102731)

Attachments (1)

unlockUnlock the best of InstantMarkets.

Please Sign In to see more out of InstantMarkets such as history, intelligent business alerts and many more.

Don't have an account yet? Create a free account now.

This notification is being provided to alert software contractors (including producers and resellers) to read and understand Executive Order (EO) 14028, Improving the Nation's Cybersecurity (issued May 12, 2021) requiring agencies to enhance cybersecurity and software supply chain integrity. Further, as defined in the Software Security Guidance Under Executive Order (EO) 14028 Section 4e, these requirements apply to all software acquired and/or used by VA, which includes firmware, operating systems, applications, and application services (e.g., cloud-based software, as well as products containing software). On September 14, 2022, Office of Management and Budget (OMB) released Memorandum M-22-18 to instruct Federal agencies to comply with the NIST Guidance when using third-party software on the agency’s information systems or otherwise affecting the agency’s information. This includes new software purchases, software renewals and major version changes for software developed or modified
after the issuance date of M-22-18. The FAR Council has opened a proposed rule, FAR Case 2023-002, to implement section 4(n) of EO 14028. This rule will also focus on the requirements outlined in OMB M-22-18. VA intends to implement collection of the attestation letters in accordance with the OMB memorandum and once the rule is finalized; relevant VA acquisition policy may be updated to further implement the FAR rule. At this time, evidence of documentation is not required to be provided to VA until such time that notification is provided to vendors. OMB Memorandum M-22-18 Enhancing the Security of the Software Supply Chain through Secure Software Development PracticesFederal Register - EO 14028 Improving the Nation's CybersecurityOMB Memorandum M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity PrinciplesNational Security Memorandum/NSM-8 on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community SystemsOMB Memorandum M-22-05, Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management RequirementsOMB Memorandum M-22-01, Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and ResponseOMB Memorandum M-21-31 Improving the Federal Government%u2019s Investigative and Remediation Capabilities Related to Cybersecurity IncidentOMB Memorandum M-21-30 Protecting Critical Software Through Enhanced Security Measures

United StatesLocation

Place Of Performance : United States

Country : United States

You may also like

SECURITY CONTRACT

Due: 30 Nov, 2025 (in 19 months)Agency: BUREAU OF INDIAN AFFAIRS

THIS ACTIVITY WILL STRENGTHEN THE CYBERSECURITY OF UKRAINE'S CRITICAL INFRASTRUCTURE.

Due: 17 Sep, 2024 (in 5 months)Agency: AGENCY FOR INTERNATIONAL DEVELOPMENT

CYBERSECURITY POLICY SERVICES TASK ORDER

Due: 17 May, 2029 (in about 5 years)Agency: EDUCATION, DEPARTMENT OF

Please Sign In to see more like these.

Don't have an account yet? Create a free account now.