Minimum Components of an SBOM Published by NTIA | SPONSORED
The NTIA (National Telecommunications and Information Administration) recently published the minimum elements for a Software Bill of Materials (more commonly known as SBOM). The document can be viewed HERE.
What is an SBOM? – Definition of an SBOM
An SBOM (Software Bill of Materials) is a formal record containing the details and supply chain relationships of various components used in building software. An SBOM provides those who produce, purchase, and operate software with information that enhances their understanding of the supply chain, which enables multiple benefits, most notably the potential to track known and newly emerged vulnerabilities and risks.
Introduction to SBOM
Although the NTIA has been conducting a transparent, multistakeholder process since 2018, the starter’s pistol went off on May 12 when President Biden signed Executive Order 14028 — Improving the Nation’s Cybersecurity (see aDolus’ other blog posts on the EO). The EO tasked NTIA with publishing the minimum elements of an SBOM. If you are unfamiliar with SBOMs, here is the NTIA definition:
To be clear, the 28-page document established the minimum elements of an SBOM. The NTIA is quite emphatic about that. More than 8 pages are dedicated to Sections 5 “Beyond Minimum Elements: Enabling Broader SBOM Use Cases” and 6 “Future SBOM Work.” So we can look forward to future improvements, while still making immediate progress. Or, to borrow their own phrase, “starting today is better than waiting for perfection.”
NTIA definitions
The minimum elements NTIA describes are organized into these three categories.
- Data Fields
- Automation Support for SBOM
- Practices and Processes
Read the full post from aDolus to learn more about the minimum elements of an SBOM.
About the Author
This article was written by Derek Kruszewski, P. Eng, Artificial Intelligence Analyst, aDolus.
Learn from global ICS cybersecurity subject matter experts as they share insights on topics like Cybersecurity for Manufacturing, Energy and Infrastructure Industries and The Role of AI in ICS Cybersecurity at IIoT World’s Cybersecurity Day on October 6, 2021. The first 500 tickets are free, so register today.
From Plant Floor to Cloud: Revolutionizing Data Integration for the Digital Age
At the Hannover Messe Fair 2024, Torey Penrod-Cambra, Chief Communications Officer at HighByte, delves into the latest developments of their Intelligence Hub. HighByte is advancing the interoperability of this platform with major cloud services, a pivotal shift poised to transform
Integrated Power and Process Management: A Leap Towards Efficiency and Competitiveness
At Hannover Messe 2024, one of the most anticipated industrial fairs globally, Hany Fouda, SVP IA Europe, Schneider Electric shares insights on the evolving landscape of power and process management. His vision for the future, where power and process systems
How to Use InfluxDB and PTC ThingWorx for Industrial IoT
One of the biggest challenges of implementing a digital transformation program is integrating with legacy systems for data collection. Another major challenge is presented in storing and utilizing that data to extract business value. In this article, you will learn about