- NIST unveils a blockchain-driven approach for federal software asset management
- The BloSS@M framework aims to boost software supply chain security, reuse and cybersecurity of government software
- NIST seeks public and industry input on the draft framework through June 26
The National Institute of Standards and Technology has released an initial public draft of Internal Report 8500A, outlining a blockchain-based framework for managing software assets among federal agencies. NIST said Tuesday it is seeking feedback from government agencies, industry stakeholders, researchers and cybersecurity professionals, with public comments open through June 26.
NIST’s BloSS@M initiative reinforces the need for stronger software security across federal systems. Learn more about cyber modernization and zero trust at the Potomac Officers Club’s 2026 Cyber Summit tomorrow, May 21. Register now.
Table of Contents
What Is the BloSS@M Framework?
NIST said Tuesday the initial public draft, titled Blockchain-Based Secure Software Assets Management, or BloSS@M, proposes a shared infrastructure to streamline asset acquisition, tracking and cybersecurity management. The initiative aims to encourage asset reuse, strengthen supply chain security and reduce redundant procurement. It was developed in line with Office of Management and Budget asset management requirements and NIST cybersecurity guidelines.
What Capabilities Does the BloSS@M Framework Include?
The approach includes blockchain-enabled life cycle tracking designed to maintain tamper-resistant records of software assets from acquisition through retirement. The draft also outlines automated vulnerability management capabilities tied to the National Vulnerability Database and machine-processable compliance features using the Open Security Controls Assessment Language. According to the agency, the framework is optimized for software asset management but could also support hardware assets when combined with additional physical tracking mechanisms.
The BloSS@M initiative builds on NIST’s broader efforts to strengthen software security across the federal government. In 2025, the agency released a draft of Special Publication 1800-44, which outlined recommended practices for secure software development, operations and maintenance throughout the software lifecycle.
