Tuesday, July 13, 2021

Review - NTIA Releases Minimum Elements for SBOM

Yesterday the DOC’s National Telecommunications and Information Administration (NTIA) published its report on the minimum elements for a software bill of materials (SBOM) as required by President Biden’s EO 14028. The report outlines three broadly defined minimum elements, explains how they can currently be implemented and used, and points the way forward for expanding the usefulness of SBOM. NTIA solicited public input on the development of these minimum elements last month, but has been working on the topic with an open work group since 2018.

The announcement lists the three minimum elements as required by EO 14028:

• Data Fields: Documenting baseline information about each component that should be tracked,

• Automation Support: Allowing for scaling across the software ecosystem through automatic generation and machine-readability, and

• Practices and Processes: Defining the operations of SBOM requests, generation and use.

The report goes into more detail about each of the elements.

NTIA acknowledges that these three minimum requirements are just that, MINIMUM. They outline much of the near-term work that needs to be done.

