September 5, 2025

CISA releases 2025 SBOM Minimum Elements outlining minimum requirements for software transparency

CISA has released a draft of the "2025 Minimum Elements for a Software Bill of Materials (SBOM)" and is inviting public comment through October 3, 2025. Building on the 2021 NTIA SBOM framework, this updated guidance reflects the technological evolution of SBOM tooling and the growing maturity of SBOM adoption. It establishes a refined baseline for how software component data should be captured, structured, and shared to enhance transparency across the software supply chain.

The new version introduces additional key data fields such as component hash, license, tool name, and generation context. It also clarifies and revises existing elements like SBOM author, software producer, component version, and identifiers, while moving access control considerations into broader delivery specifications. The draft encourages automated and scalable SBOM creation, aiming to improve risk-informed decision-making and enhance software security across both government and private sectors.

Source: https://industrialcyber.co/cisa/cisa-releases-2025-sbom-minimum-elements-outlining-minimum-requirements-for-software-transparency/
