Loading...

Subscribe to newsletters
About Us
Industries
Careers
Events
Locations
Services
Professionals
Client Portals
Insights
Contact Us
Legal & Privacy
Pay Invoice

Baker Tilly US, LLP and Baker Tilly Advisory Group, LP and its subsidiary entities provide professional services through an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly US, LLP is a licensed independent CPA firm that provides attest services to clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and business advisory services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities are not licensed CPA firms. © 2025 Baker Tilly Advisory Group, LP

Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are independent members of Baker Tilly International. Baker Tilly International Limited is an English company. Baker Tilly International provides no professional services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are not Baker Tilly International’s agent and do not have the authority to bind Baker Tilly International or act on Baker Tilly International’s behalf. None of Baker Tilly International, Baker Tilly Advisory Group, LP, Baker Tilly US, LLP, nor any of the other member firms of Baker Tilly International has any liability for each other’s acts or omissions. The name Baker Tilly and its associated logo is used under license from Baker Tilly International Limited.

Consultants review software development code

Article

Infographic: secure software development self-attestations on the horizon

Guidance issued by the Office of Management and Budget

Oct 31, 2022

Subscribe to newsletters

Share

Related sections

  • Government Contractor Supply Chain Risk Management

Tags

SBOM
supply chain risk management

The importance of enhancing the security of the software supply chain through secure software development practices is top of mind for the federal government.

Per a memo issued by the Office of Management and Budget the requirement of U.S. federal agencies to ensure that producers of software they procure follow a risk-based approach for secure software development is addressed. This applies to software developed or modified after Sept. 14, 2022.

Following is a set of practices provided by NIST Software Supply Chain Security Guidance that create the foundation for developing secure software:

  • NIST SP 800-218 Secure Software Development Framework (SSDF)
  • NIST Software Supply Chain Security Guidance

View infographic to access key takeaways of the requirements, as well as a timeline.

Access now

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.

Related sections

  • Government Contractor Supply Chain Risk Management

Article Tags

SBOMsupply chain risk management