FORT MEADE, Md. - The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and others to release the Cybersecurity Information Sheet (CSI), “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity,” to inform producers, choosers, and operators of software of the advantages of integrating SBOM generation, analysis, and sharing into existing security processes and practices.
Understanding the risks in a software’s supply chain, including the risks of the software components, is fundamental for a more secure software ecosystem. SBOM enables greater visibility across an organization’s supply chain and enterprise system by documenting information about software dependencies.
The CSI outlines the value of increased software component and supply chain transparency in addressing these risks and securing the software ecosystem.
Further, the report provides risk management practices for organizations to leverage the transparency associated with SBOMs and mitigate software supply chain vulnerabilities, along with examples of how they can be used to reduce risk. The CSI also explains the importance of SBOM as a part of the Secure by Design initiative.
The authoring agencies urge the adoption of a joint vision of SBOM throughout the cybersecurity community to improve effectiveness, while reducing costs and complexities, as differing implementations could hinder the widespread and sustainable implementation of SBOM.
cisa.gov/securebydesign