
Compliance with government cybersecurity requirements 

Does your organization sell software to the U.S. government? The U.S. government has announced a new requirement mandating that its software suppliers self-attest that they follow the secure software development practices outlined in the NIST Secure Software Development Framework (SSDF).

Compliance dates are approaching (likely Q4 2023 for critical software and Q1 2024 for all other software), and organizations that do not meet the deadlines may risk losing valuable government contracts.



The only source for open source maintainer-validated attestation data

Tidelift is the only source for first-party attestation data from the maintainers behind thousands of open source packages that go into your software, aligned to the U.S. government’s NIST Secure Software Development Framework (SSDF) standards. In addition, we provide:

A standardized attestations report, to be used as evidence that the open source dependencies in your org’s applications follow secure software development best practices.
A solution for dynamically tracking attestations for open source components going into your product, and keeping the attestations current in an automated manner.

Learn more about government attestation requirements

See how emerging US government cybersecurity actions affect your business
Learn how upcoming regulatory guidelines impact your organization with our new government open source cybersecurity resource center
Get a complete view of government actions impacting open source
