The Cybersecurity and Infrastructure Security Agency has released a framework to standardize the naming methodology for hardware bills of materials and improve supply chain risk management in information and communication technology.
The HBOM for Supply Risk Management was developed by the ICT SCRM Task Force in a bid to address logistics risks faced by critical infrastructure entities, as well as local, tribal and federal government branches, CISA announced Monday.
The guidance includes use case categories, HBOM formats and a data field taxonomy. The use case categories are grouped by compliance, security and availability of products. The task force also recommended formatting that breaks products down into their components so that each can be more easily distinguished and identified.
“By enhancing transparency and traceability through HBOM, stakeholders can identify and address potential risks within the supply chain, ensuring that the digital landscape remains robust and secure against emerging threats and challenges,” said Mona Harrington, co-chair of the ICT SCRM Task Force and assistant director of CISA’s National Risk Management Center.