For Technology Providers
As mandated by Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity”, and OMB Memos M-22-18 and M-23-16 (“Implementing Guidance”), TVA is requiring all Software Producers to provide an Attestation of Conformity (“Self-Attestation”), along with additional evidence (“Artifacts”) such as a Software Bill of Materials (SBOM), stating and demonstrating that they comply with the EO. Software Producers are therefore required to maintain secure development environments and trusted source code supply chains in compliance with NIST Secure Software Development Framework (SSDF) standards.
TVA will evaluate the Software Producer's Self-Attestations and Artifacts. TVA will notify the Software Producer of any required remediation.
TVA Software Vendor Compliance
- TVA Vendor Letter
- EO 14028
- Memorandum M-22-18
- Memorandum M-23-16
- Common Form Updates – CISA
- Fortress Information Security - TVA Partner
- Fortress Vendor Kit
- Q&A’s – Coming Soon