[Suit] Request for Comment on "Minimum Elements of SBOM" for Cybersecurity EO

Russ Housley <housley@vigilsec.com> Fri, 28 May 2021 16:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nLI4dyIeWIY9HLwT4pByiYSOP3U>

This may be of interest to the people on this mail list.

> From: "Friedman, Allan" <AFriedman@ntia.gov>
> Subject: Request for Comment on "Minimum Elements of SBOM" for Cybersecurity EO
> Date: May 28, 2021 at 12:10:21 PM EDT
> To: "Remaley, Evelyn" <ERemaley@ntia.gov>
> Cc: PRESS <PRESS@ntia.gov>
> 
> Dear Stakeholders,
>  
> The Executive Order on Improving the Nation’s Cybersecurity directs the Department of Commerce and NTIA to publish the minimum elements for a Software Bill of Materials (SBOM).  Following this EO, NTIA is requesting comments on the minimum elements for an SBOM, and what other factors should be considered in the request, production, distribution, and consumption of SBOMs.
>  
> The Request for Comments offers an initial proposal for the minimum elements for feedback, building on existing work from the community. This approach centers on three broad, inter-related areas: data fields, operational considerations, and support for automation. Focusing on these three areas will enable an evolving approach to software transparency, and serve to ensure that subsequent efforts will incorporate more detail or technical advances. The Request also asks about a range of related issues that may require consideration for broader SBOM implementation. 
>  
> The Request is attached in PDF form and posted here: https://www.ntia.gov/federal-register-notice/2021/notice-rfc-software-bill-materials-elements-considerations.
>  
> The deadline for Comments will be 15 days after the official publication in the Federal Register. We will share an update after official publication to give the exact due date.  
>  
> Please don't hesitate to reach out if you have any questions.
>  
> allan
>