CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance

CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide.

An SBOM is a formal record detailing the components and supply chain relationships used in building software. SBOMs act as a software “ingredients list” providing organizations with essential visibility into software dependencies, enabling them to identify components, assess risks, and take proactive measures to mitigate vulnerabilities.

The guidance highlights the benefits of SBOM adoption for software producers, purchasers, operators, and national security organizations. Key advantages include reducing risks, improving vulnerability management, and enhancing overall software security practices.

By promoting transparency, aligning technical approaches, and leveraging automation, SBOM adoption strengthens the resilience of the global software ecosystem. This guidance urges organizations worldwide to integrate SBOM practices into their security frameworks to collaboratively address supply chain risks and enhance cybersecurity resilience.

For more information on SBOM, visit: https://www.cisa.gov/sbom.

For leadership statements from co-authoring organizations, visit: Statements of Support on A Shared Vision of SBOM for Cybersecurity.