The Minimum Elements For a Software Bill of Materials (SBOM)

July 12, 2021

The Executive Order (14028) on Improving the Nation’s Cybersecurity directs the Department of Commerce, in coordination with the National Telecommunications and Information Administration (NTIA), to publish the “minimum elements” for a Software Bill of Materials (SBOM). This report builds on the work of NTIA’s SBOM multistakeholder process, as well as the responses to a request for comments issued in June 2021, and extensive consultation with other Federal experts.

An SBOM is a formal record containing the details and supply chain relationships of various components used in building software. In addition to establishing minimum elements, this report defines the scope of how to think about minimum elements, describes SBOM use cases for greater transparency in the software supply chain, and lays out options for future evolution.