The CISA form notes that providing false or misleading information on the form could result in a violation of 18 U.S.C. § 1001, which imposes criminal liability for false statements.

In a blog post, Chris DeRusha, the federal chief information security officer and deputy national cyber director, and Eric Goldstein, CISA’s executive assistant director for cybersecurity, said that ...

Federal CISO Chris DeRusha said the new standardized approach to collecting self-attestation forms from third-party software providers could be released as early as this week.

CISA released its initial draft Form on April 27, 2023, and released this revised version on November 16, 2023. The attestations in the Form are derived from NIST's SSDF.