The Inner Circle

NTIA Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

    Posted Oct 16, 2024 06:45:00 AM

    Hi All,

    The first edition of this document was published in 2019 as part of the Phase I series of reports from the National Telecommunications and Information Administration (NTIA) Software Component Transparency multistakeholder process. The concept and implementation of the Software Bill of Materials (SBOM), introduced in that edition, served as the foundation for subsequent work that further matured SBOM.

    The second edition updates published in 2021 focused on specific topics rather than a comprehensive revision of the entire document. The updates were based on insights from the Framing group, a workstream under the NTIA multistakeholder process, as well as feedback from other groups within the NTIA Software Component Transparency Multistakeholder Process and the broader SBOM community.  

    This document, the third edition, further defines and clarifies SBOM Attributes from the 2021 "Framing Software Component Transparency" document, offering descriptions of the minimum expected, recommended practices, and aspirational goal for each Attribute. The work reflected in this document is a product of extensive discussion in the SBOM Tooling and Implementation Working Group, a Cybersecurity and Infrastructure Security Agency (CISA) community-driven workstream, and feedback from across the software community.  

    This document, "Framing Software Component Transparency," is distinct from the "Minimum Elements for a Software Bill of Materials," also published by the NTIA in 2021 (SBOM Minimum Elements Document). The SBOM Minimum Elements Document was called for by Executive Order 14028 and was drafted by NTIA as an official government publication. The SBOM Minimum Elements Document establishes the U.S. Government's minimum requirements for an SBOM. CISA has the authority to update the SBOM Minimum Elements Document to further clarify U.S. Government expectations under the Office of Management and Budget (OMB) Memo 22-18.



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
    ------------------------------