Yesterday, CISA released the Software Bill of Materials (SBOM) Sharing Lifecycle Report to the cybersecurity and supply chain community. The purpose of the report is to enumerate and describe the different parties and phases of the SBOM Sharing Lifecycle. The report assists in choosing suitable SBOM sharing solutions based on the amount of time, resources, subject-matter expertise, effort, and access to tooling that is available to implement a phase of the SBOM sharing lifecycle. The report also highlights survey results obtained from interviews with stakeholders to understand the current SBOM sharing landscape. Access the full report at CISA.
CISA also published Trusted Internet Connections (TIC) 3.0 Core Guidance Documents, along with a final version of TIC Use Cases Covering Cloud Services. This guidance incorporates cloud-specific considerations, such as the shared services model and cloud security posture management principles outlined in the Cloud Security Technical Reference Architecture. This use case is written from the vantage point of cloud-hosted services rather than that of the client accessing these services. Read more at CISA.