CISA 2025 SBOM guideline update for federal agencies

Public Sector Action
Happening score
H score 15
1 unique source, 1 article

Summary

CISA has released a 2025 update to federal SBOM guidelines, and the draft is open for public comment through Oct. 3. The changes require component hashes, licenses, the SBOM creation tool, timestamps, and machine-readable formats such as SPDX and CycloneDX, strengthening supply-chain visibility for federal agencies and vendors. The update aims to improve verifiability and operational use, while practitioners still want more context, automation, and vulnerability integration.

Related Happenings

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA BOD 22-01 iOS KEV patch order

Public Sector Action
First: 06.03.2026 17:57 Last: 06.03.2026 17:57 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure affected **iOS** devices by **March 26** after adding **three Coruna vulnerabilities** to its **Known Exp...

CISA Emergency Directive 26-03 for Cisco SD-WAN

Public Sector Action
First: 25.02.2026 14:00 Last: 25.02.2026 14:00 Sources 1

About this happening: **CISA** issued **Emergency Directive 26-03** and supplemental guidance to force immediate remediation of **Cisco SD-WAN** vulnerabilities across **Federal Civilian Executive Bran...

CISA adds four actively exploited flaws to KEV with FCEB deadlines

Public Sector Action
First: 13.02.2026 10:34 Last: 13.02.2026 10:34 Sources 1

About this happening: CISA added **four vulnerabilities** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**, putting **FCEB agencies** on a forced remed...

Timeline

  1. 28.08.2025 18:17 2 articles · 9mo ago

    CISA updates federal SBOM guidance for agencies and vendors

    Legal Policy Action Update

    US Cybersecurity and Infrastructure Security Agency (CISA) updated federal SBOM guidance for federal agencies and software/component vendors, adding requirements for component hash, license, the SBOM creation tool, a timestamp, and machine-readable formats such as SPDX and CycloneDX to improve supply-chain transparency and verifiability. Experts described the 2025 update as a positive step but said better context, automation, standardization, sharing, and vulnerability integration are still needed, and the draft remains open for public comment through Oct. 3.
