The Cybersecurity and Infrastructure Security Agency has released a draft of the updated Minimum Elements for a Software Bill of Materials, opening a public comment period as it works to strengthen transparency in the software supply chain.
Table of Contents
Evolving Standards for SBOM
The draft builds on the 2021 SBOM Minimum Elements published by the National Telecommunications and Information Administration and reflects advances in tooling, usage and adoption of SBOM practices across government and industry. By incorporating such advancements, the new version raises expectations for how software components are documented and shared.
New challenges, vulnerabilities and concerns arise amid the growing global competition. The Potomac Officers Club’s 2025 Homeland Security Summit, hosted on Nov. 12, offers insights into the most pressing threats facing the country and the measures being implemented to counteract them. Join now to stay informed about key developments in homeland security.
CISA noted that SBOMs have become a critical tool in understanding software dependencies, identifying vulnerabilities and supporting risk-informed decision-making. The update adds new minimum elements, namely component hash, license, tool name and generation context, while clarifying existing requirements for SBOM author, software producer and component name, among other elements.
Chris Butera, CISA acting executive assistant director for cybersecurity, said the draft was developed in coordination with industry, interagency and international partners to support broader SBOM adoption.
“SBOM is a valuable tool that helps software manufacturers with addressing supply chain risks and several best practices have evolved significantly in recent years,” Butera noted. “This voluntary guidance will empower federal agencies and other organizations to make risk-informed decisions, strengthen their cybersecurity posture, and support scalable, machine-readable solutions. We encourage members of the public to review this guidance and provide comment on how we can improve this list of minimum elements.”
SBOM Guidance Public Comment Period
Members of the public may submit comments on the draft through Oct. 3. CISA plans to issue a revised version of the SBOM minimum elements after reviewing the feedback.
Related Articles
Nextgov/FCW reported Friday that Jane Rathbun, the Department of the Navy’s chief information officer, is retiring after a more than three-decade career in national security. Join the conversations about the latest naval tech capabilities, policies and more at the Potomac Officers Club’s 2025 Navy Summit on Aug. 26. Reserve your seat for this key GovCon networking event! “It is with gratitude, pride, and humility that I close out this chapter of my career as a civil servant,” Rathbun, a two-time Wash100 awardee, said in a LinkedIn post published Thursday. As the Navy CIO, she aligns IT investment priorities with the
David Cattler, director of the Defense Counterintelligence and Security Agency, said DCSA’s partnership with the Department of Defense, industry and academia helps ensure a trusted federal and industrial workforce and protect the country’s trusted workspaces. “We are the gatekeepers, working with you and industry to ensure classified information and technology remains safe from unauthorized foreign access,” Cattler said of DCSA during his keynote address at a conference held Oct. 18. Hear U.S. military leaders and industry experts as they discuss international partnerships, coalition warfare, technological advances and more at the Potomac Officers Club’s GovCon International Summit. Save your spot now
The U.S. Space Force, together with the Air Force Rapid Capabilities Office, launched the eighth X-37B Orbital Test Vehicle on board the USSF-36 SpaceX Falcon 9 rocket on Aug. 21 from Launch Complex 39A at NASA’s Kennedy Space Center, Florida. The launch was also conducted on behalf of the Air Force Research Laboratory and the Defense Innovation Unit, Space Systems Command said Friday. X-37B OTV-8 Mission Details The launch is part of Task Order 2 under the NSSL Phase 2 contract, which was awarded on March 8, 2021. The spacecraft lifted off at 11:50 pm. The USSF-36 mission is the