CISA Secure Software Development Framework Assessments

For more information, please contact:

Chandler Hall
chandler.hall@sentar.com
(256) 836-7853

If your company is a government contractor that sells or licenses software to U.S. federal agencies, it may be required to attest that it develops its software products/components following NIST SP 800-218, the Secure Software Development Framework (SSDF).

Need help with Self-Attesting to the CISA Secure Software Development Framework?

Our team is familiar with assisting companies as they navigate the requirements associated with Self-Attestation. As a FedRAMP 3PAO, Sentar is qualified to verify your company’s compliance against NIST 800-218.

Whether you are seeking assistance with self-attesting one software development program or twenty-five plus, Sentar 3PAO can ensure your deadlines are met to maintain customer satisfaction.

Our deliverables include:

  1. A Discussion Workshop to help the organization determine what is in scope for Self-Attestation
  2. A Letter of Attestation confirming compliance against NIST 800-218 (for each business unit/program, as applicable)
  3. A Security Assessment Report (SAR) outlining the company’s assessment results for each control as defined by NIST 800-218 (for each business unit/program, as applicable)
  4. A list of Plans of Action and Milestones (POA&Ms), as applicable

