SBOM Executive Order

The Federal Government’s Cybersecurity Executive Order

Today’s software supply chain is complex, and it’s under attack. 2021 is on course to be a record year, with zero days reported without an incident.

The Executive Order issued by the Biden administration calls for the National Institute of Standards and Technology (NIST) to provide software supply chain regulations within one year. These policies will determine how organizations check for and manage vulnerabilities within their applications.


PURPOSE OF THE EXECUTIVE ORDER

  • Improve threat information sharing between federal government and private sector
  • Modernize and implement stronger cybersecurity standards within the federal government
  • Improve software supply chain security
  • Establish a cybersecurity safety review board
  • Create a playbook for responding to cybersecurity incidents
  • Improve detection of cybersecurity incidents on federal government networks


WHAT’S IN THE EXECUTIVE ORDER

  • Any software provider that sells software into the federal government must provide a Software Bill of Materials (SBOM)
  • Evidence of regulatory compliance, including using tools to check code for vulnerabilities regularly and producing artifacts related to that testing
  • Ensuring software development processes include measures to secure the build environment
  • Proof of integrity of open source code use
  • Proof of, or plans for, securing legacy software


WHY CREATE AN SBOM

An SBOM should provide a comprehensive inventory of the software components in your applications. That inventory is necessary because code is a complex ecosystem. There’s hierarchy, dependencies, modules that are shared across applications, sub-components, commercial code that includes open source, and open source code that pulls in more open source.


An accurate, complete SBOM allows companies to control risk by identifying and mitigating security vulnerabilities and source code license infringement. An SBOM also encourages secure software development practices. Developers can vet code before embedding it in applications.
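As an added illustration (not Revenera’s or Code Insight’s code), the following Python walks a constructed CycloneDX-style SBOM: it resolves the dependency hierarchy from the top-level application and matches every reachable component, direct or transitive, against a constructed advisory list. Component names, versions and advisory IDs are placeholders, not real packages or CVEs.

```python
# Added example: walk a minimal CycloneDX-style SBOM to enumerate transitive
# components and match them against an advisory feed. All names, versions and
# advisory IDs are constructed placeholders.
from collections import deque

SBOM = {  # constructed; "bom-ref" identifies each component, as in CycloneDX
    "metadata": {"component": {"bom-ref": "app@1.0"}},
    "components": [
        {"bom-ref": "webfw@2.3.1", "name": "webfw", "version": "2.3.1"},
        {"bom-ref": "jsonlib@1.8.0", "name": "jsonlib", "version": "1.8.0"},
        {"bom-ref": "compress@0.9.2", "name": "compress", "version": "0.9.2"},
        {"bom-ref": "crypto-shim@3.0.0", "name": "crypto-shim", "version": "3.0.0"},
    ],
    "dependencies": [
        {"ref": "app@1.0", "dependsOn": ["webfw@2.3.1", "jsonlib@1.8.0"]},
        {"ref": "webfw@2.3.1", "dependsOn": ["jsonlib@1.8.0", "compress@0.9.2"]},
        {"ref": "compress@0.9.2", "dependsOn": ["crypto-shim@3.0.0"]},
    ],
}

# Constructed advisory feed (placeholder IDs): (name, affected version) -> advisory id
ADVISORIES = {("compress", "0.9.2"): "VULN-PLACEHOLDER-1",
              ("crypto-shim", "3.0.0"): "VULN-PLACEHOLDER-2"}

def transitive_components(sbom):
    """Return {bom-ref: depth} for every component reachable from the root.
    Depth 1 is a direct dependency; deeper entries are the open source that
    pulls in more open source. The seen-set makes cycles harmless."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    depth, queue = {}, deque([(root, 0)])
    while queue:
        ref, d = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depth:          # first visit is the shortest path
                depth[child] = d + 1
                queue.append((child, d + 1))
    return depth

def vulnerable_components(sbom, advisories):
    """Map each reachable component found in the advisory feed to (advisory id, depth)."""
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    hits = {}
    for ref, d in transitive_components(sbom).items():
        comp = by_ref.get(ref)
        if comp and (comp["name"], comp["version"]) in advisories:
            hits[ref] = (advisories[(comp["name"], comp["version"])], d)
    return hits
```

The depth tells a reviewer whether a flagged component is one the team chose directly or one that arrived three levels down through a dependency’s dependency, which is exactly the part of the inventory a flat package list misses.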

Greater transparency. Enhanced security.

Why Revenera

Code Insight from Revenera provides the most complete, accurate SBOM in the industry. We don’t just stop at software packages, containers, and dependencies. Code Insight allows organizations to go deeper.


Resources

Blog: The New Cybersecurity Executive Order: 2021 is the Year of the SBoM

The order—focused on cybersecurity—includes new security requirements for software vendors selling software to the U.S. government.

Press Release: Revenera Helps Users Meet SBOM Mandate Included in White House Executive Order

Software Composition Analysis (SCA) is a security and compliance function that’s key to the software development lifecycle.

Webinar: Incorporating Software Composition Analysis into Your Secure Application Strategy

If you are in software development, security, or compliance, sign up to listen to this webinar to learn more about implementing software composition analysis to manage the additional risk associated with building and shipping software applications.

Protect the Software Supply Chain. Get a Complete Software Bill of Materials.

The Executive Order encourages the private sector to follow the Federal Government’s lead and align cybersecurity strategy and investments with the government in order to minimize future attacks. Jumpstart your cybersecurity initiatives with Revenera.