CISA Issues Software Bill of Materials Draft, Encourages Public Comments
Briefly

CISA published a draft Minimum Elements for a Software Bill of Materials (SBOM) to provide an updated baseline for documenting and sharing software component information. The guidance incorporates lessons learned from increased SBOM generation and usage and emphasizes machine-readable, scalable solutions. The guidance aims to empower federal agencies and other organizations to make risk-informed decisions and strengthen cybersecurity posture. CISA seeks public comments to improve the list of minimum elements and to promote community-driven adoption and practical use of SBOMs. SBOMs increase transparency of software composition and offer insights into the software supply chain critical to many systems and services.
CISA seeks to advance the adoption and practical use of SBOMs by promoting community-driven work. The focus of this work will be on:
CISA Acting Executive Assistant Director for Cybersecurity Chris Butera comments, "This voluntary guidance will empower federal agencies and other organizations to make risk-informed decisions, strengthen their cybersecurity posture, and support scalable, machine-readable solutions. We encourage members of the public to review this guidance and provide comment on how we can improve this list of minimum elements."
On August 22, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) published a draft of its Minimum Elements for a Software Bill of Materials (SBOM) and encouraged the public to comment. The draft is intended as a guide incorporating "lessons learned from increased SBOM generation and usage," offering an updated baseline for documenting and sharing software component information.
Read at Securitymagazine