Video: What is a CBOM?
In today’s complex digital technology landscape, an ever-evolving threat environment requires securing and protecting critical infrastructure, information, and assets. Several initiatives are under way throughout the Government to support the presidential Executive Order on Improving the Nation’s Cybersecurity, which includes implementing a zero-trust framework and providing greater visibility into application vulnerabilities through the concept of a Software Bill of Materials (SBOM). It is time to apply the same principles to a more comprehensive vision for automating cyber compliance: the “CBOM,” or Compliance Bill of Materials.
The concept of a CBOM is a simple and elegant way to deliver superior cyber compliance results with considerably less effort. A CBOM would automate the capture (“trapping”) of the cyber controls and POA&Ms, ports and protocols, certificates, applications, and other artifacts documented in the Risk Management Framework (RMF) and Authority to Operate (ATO) process, expressing them as compliance code. CBOM makes innovation and collaboration between software and policy an automated reality.