CISA Seeks SBOM Requirements Change

The Cybersecurity and Infrastructure Security Agency (CISA) is advocating for changes to the Software Bill of Materials (SBOM) requirements. CISA's proposal aims to enhance the clarity and effectiveness of SBOMs to better support cybersecurity efforts. SBOMs are critical for identifying and managing software vulnerabilities by providing detailed inventories of software components. The agency's initiative reflects growing recognition of the importance of transparent software supply chains in mitigating cyber risks. By refining SBOM standards, CISA hopes to improve vulnerability management and incident response capabilities across industries. This move aligns with broader government efforts to strengthen national cybersecurity posture and protect critical infrastructure from evolving threats. The proposed changes emphasize the need for comprehensive, accurate, and actionable SBOM data to empower organizations in their security operations. As software ecosystems become increasingly complex, robust SBOM practices are essential for maintaining trust and resilience in digital environments. CISA's call for updated SBOM requirements underscores the ongoing commitment to advancing cybersecurity frameworks and fostering collaboration among stakeholders.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 25 Aug 2025 10:05:03 +0000


Cyber News related to CISA Seeks SBOM Requirements Change

Improving Software Quality with the OWASP BOM Maturity Model - With his years of work on the CycloneDX standard, Springett understands the issues holding back SBOM usage, particularly when it comes to standardization, dependency tracking, and verification. Not to mention, he also chaired OWASP's Software ...
1 year ago Securityboulevard.com
Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain - Working with the world's largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs, Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs ...
1 year ago Helpnetsecurity.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Understanding SBOMs - In recent years, the adoption of open-source software in development has surged, now comprising up to 90% of what's built. There is a crucial aspect to consider when integrating open-source software components. To make sure their software is safe, ...
1 year ago Securityboulevard.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In. - The Software Bill of Materials has become a central part of the White House National Cyber Security Strategy to help protect the software supply chain supporting government and critical infrastructure systems. Standards for expressing and consuming ...
1 year ago Securityboulevard.com
Silex Technology AMC Protect improves cybersecurity for critical devices - Silex Technology announced their new protection service product offering called AMC Protect, a robust software management service designed to monitor and remedy vulnerabilities. AMC Protect targets customers utilizing Silex's embedded wireless LAN ...
1 year ago Helpnetsecurity.com
Guidance: Assembling a Group of Products for SBOM - Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA's community-driven ...
1 year ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
CISA's New SBOM Guidelines Draw Mixed Reviews - The Cybersecurity and Infrastructure Security Agency (CISA) recently released updated guidelines for Software Bill of Materials (SBOM), aiming to enhance software supply chain security. These new guidelines have sparked mixed reactions across the ...
1 month ago Darkreading.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Biden's budget proposal boosts CISA's funding to $3b The Register - US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. Biden proposed his $7.3 trillion spending plan for fiscal year ...
1 year ago Go.theregister.com
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
1 year ago Cisa.gov Cuba
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 year ago Cisa.gov
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
1 year ago Go.theregister.com CVE-2023-26360
The Role of XBOMs in Supporting Cybersecurity - Everyone in an organization plays an important role in ensuring that their products and services are delivered safely to their customers. Whether you're producing software or hardware, part of the manufacturing process, or anywhere in the software ...
1 year ago Securityboulevard.com
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity - The National Security Agency has published new guidance to help organizations incorporate software bills of materials and mitigate supply chain risks. In May 2021, the White House issued a cybersecurity executive order, mandating the use of SBOMs for ...
1 year ago Securityweek.com
Vigilant Ops Raises $2 Million for SBOM Management Platform - Cybersecurity startup Vigilant Ops has received a $2 million seed investment from DataTribe to help organizations manage software bills of materials. Founded in 2019, the Pittsburgh, Pennsylvania-based Vigilant Ops provides an automated platform for ...
1 year ago Securityweek.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
1 year ago Cisa.gov CVE-2024-41925 CVE-2024-45367
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
1 year ago Bleepingcomputer.com
CISA says it will continue to monitor Russian cyber threats | The Record from Recorded Future News - Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyber threats by a senior State Department official did not mention Russia. The story emerged on Friday around the same time as ...
7 months ago Therecord.media
