Products Intelligence Pricing Methodology Contact
DEFENSE & GOVERNMENT CONTRACTING

Software Bill of Materials requirements

Defense and government contractors face binding Software Bill of Materials requirements driven primarily by the U.S. Department of Defense and the Cybersecurity and Infrastructure Security Agency, with the National Institute of Standards and Technology's SP 800-161r1 supply chain guidance setting the baseline that contracting officers now reference directly in solicitations. SBOM delivery has shifted from voluntary best practice to a contractual condition: procurement language issued under CMMC 2.0 and the Secure Software Development Framework is already appearing in Defense Federal Acquisition Regulation Supplement clauses, and compliance teams are mapping vendor software inventories against those deliverable requirements before contract renewals trigger. The obligation is no longer abstract.

Watch

  • DFARS clause updates requiring SBOM delivery as a contract deliverable
  • CISA's minimum SBOM element standard and how contracting officers cite it
  • CMMC 2.0 Level 2 certification deadlines for contractors handling CUI
  • EO 14028 implementation guidance on software supply chain attestation forms
  • DoD pilot programs expanding SBOM scope to operational technology components

Recent material activity in Defense & Government Contracting

Active monitoring in place across Defense & Government Contracting. Material developments related to software bill of materials requirements will appear here as they are published.