CISA Issues Draft Software Bill of Materials Guide for Public Comment

What’s new: CISA has released a draft guide for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment. This updated guide reflects advancements in SBOM practices since the 2021 publication by NTIA, aiming to enhance transparency in software supply chains. Key additions include component hash, license, tool name, and generation context, with existing elements updated for clarity. The public comment period is open until October 3, 2025.

Who’s affected

Federal agencies, software manufacturers, and organizations involved in software development and supply chain management are impacted by this guidance, as it aims to improve software security and risk management practices.

What to do

  • Review the draft SBOM guidance and provide feedback during the public comment period, which ends on October 3, 2025.
  • Consider how the updated SBOM elements can be integrated into your software development and supply chain processes.
  • Stay informed about the final version of the SBOM Minimum Elements after the public comment period concludes.
