2025 Minimum Elements for a Software Bill of Materials (SBOM)
CISA is requesting public comment on its guidance on Software Bill of Materials (SBOM), updated to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations manage software risk more effectively.
SBOMs provide a detailed inventory of software components, enabling organizations to identify vulnerabilities, assess risk, and make informed decisions about the software they use and deploy. As adoption of SBOMs has grown across the public and private sectors, so too has the need for machine-processable formats that support scalable implementation and integration into broader cybersecurity practices.
The draft offers the public an opportunity to share their knowledge to improve the guidance before it is finalized. The public comment period begins today and concludes on October 3, 2025. During the comment period, members of the public are asked to provide comments and feedback via the Federal Register.