Secure Software Development Attestation Form

To ensure a safe and secure digital ecosystem for all Americans, CISA released the Secure Software Development Attestation Form on March 11, 2024, taking a major step in the implementation of its requirement that producers of software used by the Federal Government attest to the adoption of secure development practices. CISA developed this form in close consultation with the Office of Management and Budget (OMB) and based upon practices established in the National Institute of Standards and Technology’s Secure Software Development Framework (SSDF). 

The release of the secure software development attestation form reinforces secure by design principles advanced by CISA, Federal government partners, and international allies. As a step on this journey, Executive Order 14028 and the OMB M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, and OMB M-23-16, Update to Memorandum M-22-18, required development of an attestation form in which software producers serving the federal government will be required to confirm implementation of specific security practices. 

The attestation form provides submission instructions which include email and online options. The online option is the Repository for Software Attestations and Artifacts. 

To read about the announcement of the attestation form and repository:


Repository for Software Attestations and Artifacts (RSAA) 

Through this repository, both federal agency representatives and software producers alike will be able to review and upload software attestation forms, artifacts, and make organization specific annotations to entries in accordance with their job responsibilities.

RSAA User Guide 

View user guide...

RSAA webpage 

view webpage...

Secure Software Development Attestation Form