
CISA's 2025 SBOM Guidelines Released with Mixed Feedback

1 unique source, 1 article

Summary


In August 2025 the US Cybersecurity and Infrastructure Security Agency (CISA) released updated guidance on Software Bills of Materials (SBOM), issued as a draft that is open for public comment. The guidance aims to improve transparency from software and component vendors by requiring more detailed SBOMs: each entry must carry component hashes, license information, the name of the generating tool, a generation timestamp and other identifiers, so that downstream consumers can see what is actually in the software they run. SBOMs must be produced in machine-readable formats such as SPDX or CycloneDX so they can be processed automatically, and the cryptographic hashes let a consumer verify that a shipped component matches what the SBOM describes. Experts acknowledge the progress but raise concerns about implementation, standardization and operationalization; practitioners in particular want better integration with vulnerability data, more automation and practical guidance before SBOMs can be treated as truly operational.
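The two technical requirements in that summary, machine-readable SBOMs and per-component cryptographic hashes, are the ones a consumer can check mechanically. The Python script below is an added example, not code from CISA or from the article: it loads a constructed CycloneDX JSON document, reports which of the elements named above (generation timestamp, tool name, unique identifier, license, SHA-256 hash) are missing, and recomputes each component's SHA-256 over constructed artifact bytes to confirm that what was shipped matches what the SBOM declares. The SBOM content, the artifact bytes, the tool name and the package URLs are all made up for the example.

```python
import hashlib
import json
from typing import Dict, List

# Constructed artifact bytes keyed by package URL (purl). In a real pipeline these
# would be the downloaded wheel or tarball; here they are made up for the example.
ARTIFACTS: Dict[str, bytes] = {
    "pkg:pypi/example-lib@1.2.3": b"constructed contents of example-lib-1.2.3.whl",
    "pkg:npm/left-pad-ish@0.9.0": b"constructed contents of left-pad-ish-0.9.0.tgz",
}

# Constructed CycloneDX 1.5 SBOM. The first component is complete and its hash is
# computed from the artifact above; the second has no license and declares a hash
# that will not match, to show what the checks report on a bad entry.
SBOM: dict = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2025-08-28T18:17:00Z",
        "tools": [{"name": "example-sbom-tool", "version": "0.1"}],  # hypothetical tool
        "component": {"type": "application", "name": "example-app", "version": "2.0.0"},
    },
    "components": [
        {
            "type": "library", "name": "example-lib", "version": "1.2.3",
            "purl": "pkg:pypi/example-lib@1.2.3",
            "licenses": [{"license": {"id": "MIT"}}],
            "hashes": [{"alg": "SHA-256",
                        "content": hashlib.sha256(ARTIFACTS["pkg:pypi/example-lib@1.2.3"]).hexdigest()}],
        },
        {
            "type": "library", "name": "left-pad-ish", "version": "0.9.0",
            "purl": "pkg:npm/left-pad-ish@0.9.0",
            "hashes": [{"alg": "SHA-256", "content": "0" * 64}],
        },
    ],
}
SBOM_JSON = json.dumps(SBOM, indent=2)  # what an SBOM file on disk would look like


def check_minimum_elements(sbom: dict) -> List[str]:
    """Report gaps against the elements the guidance names: a generation timestamp,
    the generating tool's name, and per component a unique identifier, a license
    and a SHA-256 hash. An empty list means every element is present."""
    if sbom.get("bomFormat") != "CycloneDX":
        return ["not a CycloneDX document"]
    findings: List[str] = []
    meta = sbom.get("metadata") or {}
    if not meta.get("timestamp"):
        findings.append("metadata.timestamp missing")
    tools = meta.get("tools") or []
    if isinstance(tools, dict):  # 1.5 object form: {"components": [...], "services": [...]}
        tools = (tools.get("components") or []) + (tools.get("services") or [])
    if not any(t.get("name") for t in tools):
        findings.append("metadata.tools has no tool name")
    for comp in sbom.get("components") or []:
        label = f"{comp.get('name')}@{comp.get('version')}"
        if not (comp.get("purl") or comp.get("cpe") or comp.get("bom-ref")):
            findings.append(f"{label}: no unique identifier (purl/cpe/bom-ref)")
        if not comp.get("licenses"):
            findings.append(f"{label}: no license")
        if not any(h.get("alg") == "SHA-256" and h.get("content") for h in comp.get("hashes") or []):
            findings.append(f"{label}: no SHA-256 hash")
    return findings


def verify_hashes(sbom: dict, artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """Recompute SHA-256 over each artifact and compare with the SBOM's declared value.
    Returns purl -> "ok" | "mismatch" | "no-hash" | "no-artifact"."""
    results: Dict[str, str] = {}
    for comp in sbom.get("components") or []:
        purl = comp.get("purl")
        if not purl:
            continue  # nothing to key the artifact lookup on
        declared = next((h["content"].lower() for h in comp.get("hashes") or []
                         if h.get("alg") == "SHA-256" and h.get("content")), None)
        if declared is None:
            results[purl] = "no-hash"
        elif purl not in artifacts:
            results[purl] = "no-artifact"
        elif hashlib.sha256(artifacts[purl]).hexdigest() == declared:
            results[purl] = "ok"
        else:
            results[purl] = "mismatch"
    return results


if __name__ == "__main__":
    sbom = json.loads(SBOM_JSON)
    for gap in check_minimum_elements(sbom):
        print("GAP:", gap)
    for purl, status in verify_hashes(sbom, ARTIFACTS).items():
        print(f"{status:11s} {purl}")
```

On the constructed input the element check flags only the missing license on left-pad-ish, while the hash check reports example-lib as ok and left-pad-ish as a mismatch; a "mismatch" is the signal that the artifact in hand is not the one the SBOM was generated from, which is exactly the integrity question the hash requirement is meant to answer. SPDX documents carry the same information under different field names (creationInfo, packages[].checksums, licenseConcluded) and would need a separate loader.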

Timeline

  1. 28.08.2025 18:17 · 1 article

    CISA Releases 2025 SBOM Guidelines with Enhanced Requirements

    In August 2025 CISA issued updated SBOM guidelines requiring detailed component entries, machine-readable formats and cryptographic hashes, with the aim of improving transparency and making SBOMs usable in practice across the software supply chain. Experts acknowledge the progress but raise concerns about implementation and ask for practical guidance. The guidelines are open for public comment until October 3, 2025.


Information Snippets

  • CISA released updated SBOM guidelines in August 2025, focusing on transparency and on making SBOMs usable in practice.
  • The guidelines require detailed SBOM entries, including component hashes, licenses, the name of the generating tool, a timestamp and other identifiers.
  • Machine-readable formats such as SPDX and CycloneDX are required so that SBOMs can be processed automatically.
  • Components must carry cryptographic hashes so that consumers can verify the integrity of what they receive against what the SBOM declares.
  • Experts raise concerns about implementation, standardization and operationalization of SBOMs.
  • The guidelines are open for public comment until October 3, 2025.

  All snippets first reported 28.08.2025 18:17 (1 source, 1 article).

Similar Happenings

CISA, NSA, and international partners release joint SBOM cybersecurity guide

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and 19 international partners have released a joint guide on the value of software bills of materials (SBOM) for cybersecurity. The guide is aimed at software producers, procurers and operators and explains how integrating SBOMs into security practice helps identify and mitigate supply chain vulnerabilities. It stresses international alignment so that SBOMs are interoperable and scale across borders, and describes how visibility into software dependencies enables risk assessment and proactive vulnerability mitigation. By increasing transparency in software components, SBOMs give organizations visibility across their software supply chain and enterprise systems, which improves security and reduces risk and cost.