
US Executive Order #14028

The Minimum Elements for a Software Bill of Materials (SBOM)


Executive Order 14028, Improving the Nation's Cybersecurity, requires federal agencies to obtain a Software Bill of Materials (SBOM) for all software they acquire, starting with new acquisitions in fiscal year 2023.

 

The OMB guidance on the implementation of Executive Order 14028 defines the minimum elements that must be included in an SBOM for federal government software purchases. These elements include:

 

  • The name and version of each software component.

  • The vendor of each software component.

  • The license under which each software component is distributed.

  • The cryptographic hash of each software component.

  • The location of each software component.

 

The requirement for SBOMs in federal government software purchases is a significant step forward in improving the security of the federal government's software supply chain. SBOMs can help to identify and track software vulnerabilities, and to make informed decisions about software procurement and use. This will help to protect the federal government from cyberattacks.

 

Here are some of the benefits of using InvisiRisk for federal government software purchases:

 

  • InvisiRisk can help to identify and track software vulnerabilities.

  • InvisiRisk can help to make informed decisions about software procurement and use.

  • InvisiRisk can help to improve the security of the federal government's software supply chain.

  • InvisiRisk can help to reduce the risk of cyberattacks.

Contact us to help!

© 2025 by InvisiRisk, Inc.
