Skip to main content

For Technology Providers

As mandated by Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” and OMB Memos M-22-18 and M-23-16 “Implementing Guidance”, TVA is requiring all Software Producers to obtain an Attestation of Conformity (“Self-Attestation”) along with additional evidence such as a Software Bill of Materials (SBOM) “Artifacts”, from Software Producers, stating and demonstrating that they comply with the EO. Therefore, Software Producers are required to maintain secure development environments and trusted source code supply chains in compliance with NIST Secure Software Development Framework (SSDF) standards.

TVA will evaluate the Software Producer's Self-Attestations and Artifacts. TVA will notify the Software Producer of any required remediation.