White House Guidance Recommends SBOMs for Federal Agencies
New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.
![Image of the white house and Washington monument Image of the white house and Washington monument](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt04cf4bc4d2001d17/64f1557e00fbd49fe8b5baeb/white_house_Michael_Ventura_Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
The Biden White House has released a new cybersecurity executive order outlining guidelines for software supply chain security, including the suggestion that federal agency CIOs start requiring documentation of secure development and software bills of materials (SBOMs).
In a memo sent to the heads of executive departments and agencies, the White House Office of Management and Budget outlines supply chain cybersecurity best practices established by the National Institute of Standards and Technology (NIST), which would recommend a full software inventory assessment, collecting statements from each outside software vendor that its products conform to the NIST supply chain security framework, and a requirement for SBOMs when purchasing new software.
"As agencies develop requirements that include the use of new software, they must request confirmation that the software producer utilizes secure software development practices," the OMB memo said. "This could be accomplished through specification of these requirements in the Request for Proposal (RFP) or other solicitation documents, but regardless of how the agency ensures compliance, the agency must ensure that the company implements and attests to the use of secure software development practices consistent with NIST Guidance, throughout the software development lifecycle."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024