FYI US Federal CIO comment on SBOM

Dick Brooks

Chris DeRusha, US Federal CIO at OMB, mentions SBOM as part of the forthcoming CISA self-attestation form required under OMB M-22-18:


“The Secure Software Development Framework is a fantastic framework but when a company is going to attest specifically to the practices, we all have feeling it needs to be more specific about what those are, instructions, how to submit artifacts and how to treat SBOMs,” DeRusha told reporters following his talk at the Information Security and Privacy Advisory Board meeting.





Dick Brooks


Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership


Never trust software, always verify and report!

Email: dick@...

Tel: +1 978-696-1788