Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation
Recommendation Details
Text of Recommendation
FHFA should update FHFA’s Supply Chain Risk Management Strategy to include past due OMB M-22-18 requirements including: i. Obtaining a self-attestation from the software producer before using the software; ii. Obtaining from software producers artifacts that demonstrate conformance to secure software development practices, as needed; iii. Establishing a system to store self-attestation letters from the software producer that are not publicly available in a central location; and iv. Assessing and developing training for reviewing and validating self-attestation letters.
Recommendation Number
AUD-2023-004-1
Recommendation Status
Open
Significant Recommendation
No
Recommendation Questioned Costs
$0
Recommendation Funds for Better Use
$0