Agencies Collaborate on SBOM Guidelines to Strengthen Supply Chain
A new cybersecurity technical report titled “Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption” is now available to software developers, suppliers and customers keen to enhance the integrity and security of their systems and offerings.
The National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency, along with industry partners, unveiled the report developed by the Enduring Security Framework Software Supply Chain Working Group.
The guidance addresses contractual agreements, software releases, updates and vulnerability mitigations. It also responds to escalating cyberthreats that exploit software supply chain weaknesses, aiming to strengthen defenses against nation-state adversaries, the NSA said.
The document provides advice on software bill of materials consumption, lifecycle, risk scoring and operational implementation.
ESF emphasized the significance of SBOM transparency for improved patch management and cybersecurity. Industry leaders welcomed the guidance, recognizing the pivotal role SBOM plays in securing the software supply chain and enabling timely risk-based mitigation responses.