The U.S. Army has asked industry for insights on how to collect and use software bills of materials to help improve the security of its software supply chains and comply with the policies codified in the May 2021 executive order on cybersecurity.
The service will use the responses to the request for information to inform technical policies and contracting guidance for acquiring software, according to a notice published on Oct. 21.
Interested stakeholders should answer several questions related to SBOM requirements, including the type of contractual language that their companies expect to see from a solicitation that includes SBOMs as a primary deliverable and potential approaches that could be used to secure the supply chain when contracting for software development services.
The Army is also requesting information on new concepts that could be explored when contracting for secure software development.
Young Bang, principal deputy assistant secretary of the Army for acquisition, logistics and technology, said the military branch “is going to go headfirst into SBOMs,” according to a report by Federal News Network.
“Some of you might have concerns on it — that’s great,” Bang said during a panel on Oct. 11 at a conference in Washington. “We want to hear those concerns, come and talk to us specifically about it, but it’s going to happen. We’re going to do it, and the Army is going to be the first agency that is going to implement this correctly.”
Responses to the RFI are due Nov. 10.
