White House Guidance Recommends SBOMs for Federal Agencies

New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.

Dark Reading Staff, Dark Reading

September 14, 2022

1 Min Read
Image of the white house and Washington monument
Source: Michael Ventura via Alamy Stock Photo

The Biden White House has released a new cybersecurity executive order outlining guidelines for software supply chain security, including the suggestion that federal agency CIOs start requiring documentation of secure development and software bills of materials (SBOMs).

In a memo sent to the heads of executive departments and agencies, the White House Office of Management and Budget outlines supply chain cybersecurity best practices established by the National Institute of Standards and Technology (NIST), which would recommend a full software inventory assessment, collecting statements from each outside software vendor that its products conform to the NIST supply chain security framework, and a requirement for SBOMs when purchasing new software.

"As agencies develop requirements that include the use of new software, they must request confirmation that the software producer utilizes secure software development practices," the OMB memo said. "This could be accomplished through specification of these requirements in the Request for Proposal (RFP) or other solicitation documents, but regardless of how the agency ensures compliance, the agency must ensure that the company implements and attests to the use of secure software development practices consistent with NIST Guidance, throughout the software development lifecycle." 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights