SolarWinds Becomes First Software Provider to Align With New CISA Secure Software Development Guidance

March 21, 2024

SolarWinds leads industry in attesting to alignment with OMB, NIST, SSDF frameworks for secure software development

SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, today announced it has submitted its Secure Software Development self-attestation in alignment with Cybersecurity and Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) requirements. In submitting its form to the Repository for Software Attestation and Artifacts (RSAA), SolarWinds is the first software provider to publish CISA self-attestation in alignment with U.S. government requirements of all software providers.

Endorsed by the White House and released by CISA this month, the Secure Software Development Attestation Form is part of a comprehensive Department of Homeland Security (DHS) strategy to fortify the software supply chain, promote transparent information-sharing between the public and private sectors, and encourage a proactive community approach to cyber threats to safeguard the nation's digital infrastructure.

SolarWinds has taken a significant step in promoting secure software practices by submitting this attestation that its products are designed with security as a foundational element, in line with not only NIST Secure Software Development Framework (SSDF) guidelines but the framework provided by the Office of Management and Budget's directive (M-22-18). Furthermore, submitting this attestation further underscores SolarWinds' capability to provide a clear and digitally accessible Software Bill of Materials (SBOM) with detailed insights across all of a digital ecosystem's components and interdependencies.

"In a landscape where cybersecurity threats are ever-evolving, public-private partnerships remain absolutely paramount for creating a secure and resilient digital infrastructure for our nation,” said Chip Daniels, Vice President of Government Affairs at SolarWinds. “By working hand in hand, we can ensure that our cybersecurity measures are not just reactive but proactively designed to anticipate and mitigate threats. This collaboration across sectors is necessary to support CISA, create unified best practices for information-sharing between companies and government agencies, and develop shared threat intelligence for a more resilient and secure supply chain, nation—and future.”

SolarWinds submitted self-attestation for the following solutions:

  • Hybrid Cloud Observability version 2024.1
  • Hybrid Cloud Observability (formerly Orion) modules:
  • Network Performance Monitor (NPM), NetFlow Traffic Analyzer (NTA), Network Configuration Manager (NCM), VoIP & Network Quality Manager (VNQM), IP Address Manager (IPAM), User Device Tracker (UDT), Virtualization Manager (VMAN), Log Analyzer, Server & Application Monitor (SAM), Server Configuration Monitor (SCM), Storage Resource Monitor (SRM), and Web Performance Monitor (WPM)
  • SolarWinds Observability (as of March 5, 2024)
  • IT Service Management (as of March 17, 2024)

"In order to pioneer secure software development, we understand that security is not just a feature but the very foundation upon which modern digital ecosystems must be built. At SolarWinds, we are committed to setting new standards in cybersecurity, embracing transparency, and fostering a culture of relentless innovation," said Tim Brown, Chief Information Security Officer and Vice President of Security at SolarWinds. "Our alignment with the latest CISA guidelines is a testament to our unwavering dedication to not only protect our global digital infrastructure but to lead by example. We believe in empowering our customers with solutions that are not just secure by design, but also resilient in the face of evolving threats."

SolarWinds recently hosted a panel event in Washington, D.C., featuring Congressman Raja Krishnamoorthi (D-IL), Christopher D. Roberti, Senior Vice President for Cyber, Space, and National Security Policy at the U.S. Chamber of Commerce, and SolarWinds President and CEO Sudhakar Ramakrishna. The discussion focused on the evolving nation-state threat actors who are increasingly targeting critical infrastructure and how to build the public-private partnerships needed to combat these threats. The event additionally included a briefing on the SolarWinds suite of secure solutions, designed via its Next-Generation Build System to help government entities streamline and upgrade IT services while meeting constituent needs.

For more information about the SolarWinds Secure by Design principles, visit

Additional Resources

Connect with SolarWinds

This press release contains “forward-looking” statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements regarding our self-attestation form, including our ability to promote secure software practices and anticipate and mitigate cybersecurity threats. These forward-looking statements are based on management's beliefs and assumptions and on information currently available to management. Forward-looking statements include all statements that are not historical facts and may be identified by terms such as “aim,” “anticipate,” “believe,” “can,” “could,” “seek,” “should,” “feel,” “expect,” “will,” “would,” “plan,” “intend,” “estimate,” “continue,” or similar expressions and the negatives of those terms. Forward-looking statements involve known and unknown risks, uncertainties, and other factors that may cause actual results, performance, or achievements to be materially different from any future results, performance, or achievements expressed or implied by the forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to, the risks and uncertainties described more fully in documents filed with or furnished to the Securities and Exchange Commission, including the risk factors discussed in our Annual Report on Form 10-K for the period ended December 31, 2023, filed on February 16, 2024. All information provided in this release is as of the date hereof, and SolarWinds undertakes no duty to update this information except as required by law.




About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, secure observability and IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) to understand the challenges they face in maintaining high-performing and highly available hybrid IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2024 SolarWinds Worldwide, LLC. All rights reserved.

Media Contacts

John Eddy

Goldin Solutions

Phone: +1-646-660-8648

Jenne Barbour


Phone: +1-512-498-6804

Investor Contacts

Tim Karaca


Source: SolarWinds Worldwide, LLC.