CISA Issues Draft Software Bill of Materials Guide for Public Comment

What’s new
CISA has released a draft guide for the Minimum Elements of a Software Bill of Materials (SBOM) for public comment. This updated guidance reflects advancements in SBOM practices since the 2021 publication by NTIA, aiming to enhance transparency in software supply chains. Key additions include component hash, license, tool name, and generation context, while existing elements have been clarified. The public comment period is open until October 3, 2025.
Who’s affected
Federal agencies, software manufacturers, and organizations involved in software development and supply chain management are directly impacted by this guidance.
What to do
- Review the draft SBOM guidance and consider providing feedback during the public comment period.
- Stay informed about SBOM practices and updates to enhance your organization’s software security posture.
- Visit the CISA SBOM page for additional resources and information.