Comply with the Executive Order, and Stay Ahead
In September 2022, the White House Office of Management and Budget (OMB) released memorandum M-22-18, directing federal agencies to require that the software they use complies with the NIST guidance issued under Executive Order 14028, Improving the Nation's Cybersecurity (the Secure Software Development Framework, NIST SP 800-218, and the NIST Software Supply Chain Security Guidance). The memo requires agencies to obtain a self-attestation of conformance from each software producer and allows them to demand supporting artifacts, notably a Software Bill of Materials (SBOM), as evidence behind that attestation. Beyond the federal market, a growing number of private-sector customers are expected to require SBOMs from their suppliers as well.
A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of the components and dependencies that make up a piece of software, together with metadata about each component (supplier, name, version, unique identifiers) and the hierarchical relationships among them. Because it is machine-readable, it can be exchanged automatically among stakeholders (e.g., software vendors, integrators, consumers) and fed into software development, software supply chain management, vulnerability management, asset management, and procurement processes. Used this way, an SBOM can reduce costs as well as security, license, and compliance risks.
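To make the definition concrete, here is an added example (not code from the original page or from any SBOM tool) that parses a small, constructed CycloneDX JSON SBOM, walks its dependency hierarchy from the root component, and flags the inventory gaps a consumer would care about: components missing a version, a package URL or a license, components the dependency graph never reaches, and dependency references to components that were never declared. The component names, versions and relationships are invented for illustration; only the field layout follows the CycloneDX JSON format.

```python
import json
from collections import deque

# Constructed CycloneDX 1.4 JSON SBOM for illustration only; the product and
# package names, versions and relationships are invented and deliberately
# include gaps a consumer should catch.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "example-app", "version": "2.0.0",
                      "bom-ref": "pkg:generic/example-app@2.0.0"}
    },
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0", "bom-ref": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "urllib3", "version": "2.0.7",
         "purl": "pkg:pypi/urllib3@2.0.7", "bom-ref": "pkg:pypi/urllib3@2.0.7",
         "licenses": [{"license": {"id": "MIT"}}]},
        # Intentionally incomplete: no version, no purl, no license.
        {"type": "library", "name": "leftover-lib", "bom-ref": "leftover-lib"},
        # Declared but never referenced by the dependency graph.
        {"type": "library", "name": "orphan-lib", "version": "0.1.0",
         "purl": "pkg:pypi/orphan-lib@0.1.0", "bom-ref": "pkg:pypi/orphan-lib@0.1.0",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
    "dependencies": [
        {"ref": "pkg:generic/example-app@2.0.0",
         "dependsOn": ["pkg:pypi/requests@2.31.0", "leftover-lib"]},
        {"ref": "pkg:pypi/requests@2.31.0", "dependsOn": ["pkg:pypi/urllib3@2.0.7"]},
        # Points at a bom-ref that no component declares.
        {"ref": "pkg:pypi/urllib3@2.0.7", "dependsOn": ["pkg:pypi/ghost@1.0.0"]},
    ],
})


def load_sbom(text):
    """Parse a CycloneDX JSON document and reject anything else."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def root_ref(sbom):
    """bom-ref of the component the SBOM describes (metadata.component)."""
    return sbom["metadata"]["component"]["bom-ref"]


def component_index(sbom):
    """Map every declared bom-ref, root included, to its component record."""
    index = {root_ref(sbom): sbom["metadata"]["component"]}
    for comp in sbom.get("components", []):
        index[comp["bom-ref"]] = comp
    return index


def dependency_graph(sbom):
    """Adjacency list: bom-ref -> list of bom-refs it depends on."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}


def flatten(sbom):
    """Breadth-first walk from the root; returns [(depth, bom-ref)] in discovery order.

    Depth is the hierarchical level: 0 is the product, 1 its direct
    dependencies, 2 their dependencies, and so on.
    """
    graph = dependency_graph(sbom)
    start = root_ref(sbom)
    seen = {start}
    order = []
    queue = deque([(0, start)])
    while queue:
        depth, ref = queue.popleft()
        order.append((depth, ref))
        for dep in graph.get(ref, []):
            if dep not in seen:          # guards against cycles and diamonds
                seen.add(dep)
                queue.append((depth + 1, dep))
    return order


def audit(sbom):
    """Return human-readable findings about gaps in the inventory."""
    index = component_index(sbom)
    graph = dependency_graph(sbom)
    reachable = {ref for _, ref in flatten(sbom)}
    findings = []
    for ref, comp in index.items():
        if ref == root_ref(sbom):
            continue
        if "version" not in comp:
            findings.append(f"{ref}: missing version")
        if "purl" not in comp:
            findings.append(f"{ref}: missing purl")
        if not comp.get("licenses"):
            findings.append(f"{ref}: no license declared")
        if ref not in reachable:
            findings.append(f"{ref}: not reachable from root component")
    for ref, deps in graph.items():
        for dep in deps:
            if dep not in index:
                findings.append(f"{ref}: depends on undeclared ref {dep}")
    return findings


if __name__ == "__main__":
    doc = load_sbom(SAMPLE_SBOM)
    for depth, ref in flatten(doc):
        print("  " * depth + ref)
    for finding in audit(doc):
        print("FINDING:", finding)
```

The walk is what turns the flat component list into the hierarchy the definition mentions; a vulnerability-management or procurement process would consume `flatten()` to know which packages are direct versus transitive, and `audit()` to reject an SBOM that names packages without versions or identifiers, since such entries cannot be matched against vulnerability databases.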