Trump Administration Rescinds Biden-Era SBOM and Secure Software Development Mandates

1 unique source, 1 article

Summary

The Trump administration has rescinded two Biden-era memorandums (M-22-18 and M-23-16) that required federal agencies to obtain software bills of materials (SBOMs) and letters of attestation from software vendors. The move, effective immediately, removes the mandate for agencies to enforce secure software development practices based on NIST guidelines. The decision has sparked debate among security professionals, with some praising the shift towards risk-based approaches and others warning of potential security risks due to reduced oversight.

Timeline

  1. 30.01.2026 00:25 · 1 article

    Trump Administration Rescinds Biden-Era SBOM and Secure Software Development Mandates

    On January 23, 2026, the Trump administration issued a memorandum (M-26-05) rescinding two previous memorandums (M-22-18 and M-23-16) that required federal agencies to obtain SBOMs and letters of attestation from software vendors. The move aims to reduce bureaucratic burdens and allow agencies to tailor their security approaches, but it has sparked debate among security professionals about the potential impact on software security practices.

Information Snippets

  • The White House's Office of Management and Budget (OMB) issued a memorandum (M-26-05) on January 23, 2026, rescinding two previous memorandums (M-22-18 and M-23-16).

    First reported: 30.01.2026 00:25
    1 source, 1 article
  • M-22-18 required federal agencies to obtain SBOMs and letters of attestation from software vendors, ensuring compliance with NIST secure development guidelines.

    First reported: 30.01.2026 00:25
    1 source, 1 article
  • M-23-16 clarified and extended deadlines for compliance with M-22-18.

    First reported: 30.01.2026 00:25
    1 source, 1 article
  • OMB Director Russell Vought stated that the rescinded requirements imposed burdensome processes that prioritized compliance over genuine security investments.

    First reported: 30.01.2026 00:25
    1 source, 1 article
  • Agencies may still use resources developed under the rescinded memorandums but are no longer mandated to require SBOMs and letters of attestation.

    First reported: 30.01.2026 00:25
    1 source, 1 article
  • Security professionals are divided on the impact of the rollback, with some arguing it shifts focus to risk-based approaches and others warning of potential security risks.

    First reported: 30.01.2026 00:25
    1 source, 1 article