FYI US Federal CIO comment on SBOM
Chris DeRusha, US Federal CIO at OMB, mentions SBOM as part of the forthcoming CISA self-attestation form required under OMB M-22-18:
“The Secure Software Development Framework is a fantastic framework but when a company is going to attest specifically to the practices, we all have feeling it needs to be more specific about what those are, instructions, how to submit artifacts and how to treat SBOMs,” DeRusha told reporters following his talk at the Information Security and Privacy Advisory Board meeting.
https://insidecybersecurity.com/share/14396
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788