The federal government for the past few years has focused on protecting the software supply chain in the wake of such high-profile incidents as the SolarWinds hack in 2020 and the Log4j vulnerability a year later.
A key part of that has been the software bill of materials (SBOM), an inventory of the components that make up a piece of software and a way for organizations to account for the products they bring into their IT environments. This becomes increasingly important given the amount of code – much of it open source – that is used to build software, a lot of which comes from outside a business's own development team.
Now the U.S. Cybersecurity and Infrastructure Security Agency wants organizations to have the same information about the hardware systems that run all this software.
CISA this week rolled out a framework for a hardware bill of materials (HBOM) that, like an SBOM, lists the hardware components that make up a system and the details of those components. The Hardware Bill of Materials Framework for Supply Chain Management includes a consistent way to name the attributes of components, a format for identifying and providing information about the types of components, and guidance for deciding what HBOM information is needed based on why the list will be used.
The goal is to create a “consistent and repeatab ..