The National Telecommunications and Information Administration (NTIA) has issued a request for public comments on NTIA’s approach to developing the minimum elements for a software bill of materials (SBOM) to comply with an executive order meant to improve U.S. cybersecurity.
The executive order signed by President Biden in May in response to recent breaches directs NTIA to release a list of elements of an SBOM to help advance transparency in the software supply chain, according to a Federal Register notice scheduled to be published Wednesday.
An SBOM is “a formal record containing the details and supply chain relationships of various components used in building software,” according to the EO.
NTIA said it is proposing potential elements of an SBOM in three areas: data fields, support for automation and operational considerations. For data fields, “baseline component information” such as supplier name, component name and dependency relationship should be tracked so that the third-party components used in building a piece of software can be understood.
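As an added illustration of what those baseline fields make possible (this is example code, not NTIA's and not any published SBOM format), the snippet below builds a small constructed SBOM that carries the supplier name, component name and dependency relationship named above, then checks that every component states the baseline fields and walks the dependency relationships in both directions. The JSON layout, the `version` field and all component and supplier names are assumptions for the sake of the example; the notice text on this page does not specify them.

```python
import json
from collections import deque

# Constructed, illustrative SBOM (not real NTIA or vendor output). The field
# names follow the "baseline component information" named in the NTIA notice:
# supplier name, component name, dependency relationship. The "version" field
# and the JSON layout are added assumptions; the notice on this page does not
# list them. Two components deliberately lack a supplier so the check fires.
SAMPLE_SBOM = json.loads("""
{
  "components": [
    {"name": "webapp",      "supplier": "Example Corp",   "version": "2.1.0"},
    {"name": "httpclient",  "supplier": "Acme Libraries", "version": "4.5.13"},
    {"name": "json-parser", "supplier": "Acme Libraries", "version": "1.2.3"},
    {"name": "tls-shim",    "supplier": "",               "version": "0.9"},
    {"name": "logger",      "version": "3.0.0"}
  ],
  "dependencies": [
    {"ref": "webapp",      "dependsOn": ["httpclient", "logger"]},
    {"ref": "httpclient",  "dependsOn": ["json-parser", "tls-shim"]},
    {"ref": "json-parser", "dependsOn": []}
  ]
}
""")

BASELINE_FIELDS = ("supplier", "name", "version")


def validate_baseline_fields(sbom):
    """Return human-readable problems: components with missing or blank
    baseline fields, and dependency edges that name unlisted components."""
    problems = []
    names = set()
    for comp in sbom.get("components", []):
        label = comp.get("name") or "<unnamed>"
        names.add(label)
        for field in BASELINE_FIELDS:
            if not str(comp.get(field) or "").strip():
                problems.append(f"{label}: missing {field}")
    for edge in sbom.get("dependencies", []):
        if edge["ref"] not in names:
            problems.append(f"dependency ref {edge['ref']!r} is not a listed component")
        for dep in edge.get("dependsOn", []):
            if dep not in names:
                problems.append(f"{edge['ref']}: depends on unlisted component {dep!r}")
    return problems


def components_without_dependency_entry(sbom):
    """Components that never appear as a 'ref' in the dependency list.
    An SBOM that says nothing about a component's dependencies leaves them
    unknown, which is different from declaring an empty list (a true leaf)."""
    declared = {e["ref"] for e in sbom.get("dependencies", [])}
    return sorted(c["name"] for c in sbom.get("components", []) if c.get("name") not in declared)


def _bfs(graph, start):
    """Generic breadth-first reachability over an adjacency dict."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def transitive_dependencies(sbom, root):
    """Everything `root` pulls in, directly or indirectly."""
    graph = {e["ref"]: e.get("dependsOn", []) for e in sbom.get("dependencies", [])}
    return _bfs(graph, root)


def dependents_of(sbom, target):
    """Everything that (transitively) depends on `target`: the question a
    consumer asks when a vulnerability is announced in one component."""
    reverse = {}
    for edge in sbom.get("dependencies", []):
        for dep in edge.get("dependsOn", []):
            reverse.setdefault(dep, []).append(edge["ref"])
    return _bfs(reverse, target)


if __name__ == "__main__":
    for problem in validate_baseline_fields(SAMPLE_SBOM):
        print("baseline field problem:", problem)
    print("no dependency statement:", components_without_dependency_entry(SAMPLE_SBOM))
    print("webapp pulls in:", sorted(transitive_dependencies(SAMPLE_SBOM, "webapp")))
    print("affected by tls-shim:", sorted(dependents_of(SAMPLE_SBOM, "tls-shim")))
```

The two walks are the point of the "dependency relationship" field: the forward walk tells a consumer what a product actually contains, and the reverse walk answers which products are affected when a single component turns out to be vulnerable. The check for components with no dependency statement at all separates "has no dependencies" from "nobody said", a distinction that matters when an SBOM is used for anything more than inventory.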
NTIA is also asking interested stakeholders what other elements should be considered in the development, distribution and use of SBOMs; what additional use cases could inform the choice of elements; and how issues such as software identity, software as a service and online services should be handled in defining SBOM elements.
Comments are due 15 days after the notice is published in the Federal Register.
If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club's CMMC Forum coming up on June 16. To register for this virtual forum and view other upcoming events, visit the POC Events page.