Software bill of materials
NSA Publishes Guidance on SBOM-Centered Cybersecurity Supply Chain Risk Management
The National Security Agency has released a cybersecurity information sheet to help network owners and operators protect the cybersecurity supply chain through software bills of materials.
The CSI, titled “Recommendations for Software Bill of Materials Management,” includes measures to help operators implement effective SBOM tool management. According to the CSI, SBOM management includes examining and managing risks before acquiring software, analyzing vulnerabilities after deploying new products, and implementing incident management measures to detect and respond to new threats.
Organizations can achieve effective risk, vulnerability and incident management by implementing a robust SBOM management strategy, as part of cybersecurity supply chain risk management, that promotes software trustworthiness, integrity and authenticity, the NSA said.
The SBOM CSI follows other guidance the NSA and its partners released throughout 2023.
Earlier in December, an NSA-led private-public working group issued guidance on how to manage open-source software and SBOMs effectively. The guidance offers suggestions on how developers and large companies can create approaches to describe and evaluate software lifecycle security practices.
In October, the agency issued a CSI recommending steps to ensure that devices used by federal agencies and their partners meet zero trust cybersecurity benchmarks.