[open-regulatory-compliance] FW: [cisa-sbom-community] The DOD has released their FY 2025-26 Software Strategy document containing specific guidance for SBOM

FYI: The US DoD has also announced plans to implement practices for secure software products following US NIST and CISA guidance.

 

See email to the SBOM community mailing list pertaining to this DoD announcement – below with excerpt relative to SBOMs.

 

Both US DoD and NASA have announced their support for Secure by Design best practices for SCRM that may be of interest to the EU CRA community.

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788

 

 

From: cisa-sbom-community@xxxxxxxxxxxxxxxx <cisa-sbom-community@xxxxxxxxxxxxxxxx> On Behalf Of Dick Brooks
Sent: Thursday, May 8, 2025 8:40 AM
To: cisa-sbom-community@xxxxxxxxxxxxxxxx
Cc: SecureByDesign@xxxxxxxxxxxx
Subject: RE: [cisa-sbom-community] The DOD has released their FY 2025-26 Software Strategy document containing specific guidance for SBOM

 

Some people have reached out asking where to find the DoD document containing this snippet. Here it is:

https://dodcio.defense.gov/Portals/0/Documents/Library/SW-Mod-I-Plan25-26.pdf

 

The NASA SCRM best practices referring to CISA’s Secure by Design Software Acquisition guide best practices are available here:

https://www.nasa.gov/secure-software-development-self-attestation-resources-and-knowledge/

 

The CISA Secure by Design Software Acquisition Guide best practices materials with specific guidance for SBOM implementation are available here: https://cisa.gov/sag

 

Feel free to reach out to discuss. Let’s provide a cohesive front showing that the SBOM community supports the DoD goals and objectives for secure products that are trustworthy and Secure by Design/Default/Demand.

 

Thanks,

 

Dick Brooks

  


 

 

From: cisa-sbom-community@xxxxxxxxxxxxxxxx <cisa-sbom-community@xxxxxxxxxxxxxxxx> On Behalf Of Dick Brooks
Sent: Wednesday, May 7, 2025 4:53 PM
To: cisa-sbom-community@xxxxxxxxxxxxxxxx
Subject: [cisa-sbom-community] The DOD has released their FY 2025-26 Software Strategy document containing specific guidance for SBOM

 

Note reference to SBOM, OMB M-22-18 and CISA guidance for EO 14028 in the DOD Secure Software Standards

 

 

Thanks,

 

Dick Brooks

  


 

 

--
You received this message because you are subscribed to the Google Groups "CISA-SBOM-community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cisa-sbom-community+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion visit https://groups.google.com/d/msgid/cisa-sbom-community/27ce01dbbf92%2407bae1a0%241730a4e0%24%40businesscyberguardian.com.


