NIST seeks input on incorporating SBOM capabilities, open source controls into key supply chain risk publication

The National Institute of Standards and Technology is exploring how agencies could implement “foundational” Software Bill of Materials “components and functionality” practices in the latest draft revision of their major supply chain risk publication, and wants stakeholder input on proposed ideas to incorporate emerging tech concepts into the guidance.

NIST Special Publication 800-161, “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” provides guidance to organizations on how to identify, assess and mitigate cyber supply chain risks and...