
Press Release | Sept. 3, 2025

NSA, CISA, and Others Release a Shared Vision of Software Bill of Materials (SBOM)

FORT MEADE, Md. - The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and others to release the Cybersecurity Information Sheet (CSI), “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity,” to inform producers, choosers, and operators of software of the advantages of integrating SBOM generation, analysis, and sharing into existing security processes and practices.
 
Understanding the risks in a software’s supply chain, including the risks of the software components, is fundamental for a more secure software ecosystem. SBOM enables greater visibility across an organization’s supply chain and enterprise system by documenting information about software dependencies.
 
The CSI outlines the value of increased software component and supply chain transparency in addressing these risks and securing the software ecosystem. 
 
Further, the report provides risk management practices for organizations to leverage the transparency associated with SBOMs and mitigate software supply chain vulnerabilities, along with examples of how they can be used to reduce risk. The CSI also explains the importance of SBOM as a part of the Secure by Design initiative.
 
The authoring agencies urge the adoption of a joint vision of SBOM throughout the cybersecurity community to improve effectiveness, while reducing costs and complexities, as differing implementations could hinder the widespread and sustainable implementation of SBOM.
 
Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.

 cisa.gov/securebydesign
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721