CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation.
An SBOM serves as a vital inventory of software components, enabling organizations to identify vulnerabilities, manage dependencies, and mitigate risks. The update refines data fields, automation support, and operational practices to ensure SBOMs are scalable, interoperable, and comprehensive.
Stakeholders are encouraged to provide feedback via the Federal Register during the public comment period. This feedback will contribute to refining SBOM practices, enabling CISA to release an updated version of the minimum elements.
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.