TDA-04.2 ยท Software Bill of Materials (SBOM)

Control Description

Mechanisms exist to generate, or obtain, a Software Bill of Materials (SBOM) for Technology Assets, Applications and/or Services (TAAS) that lists software packages in use, including versions and applicable licenses.

Control Question
Assessment question for control validation

Does the organization generate, or obtain, a Software Bill of Materials (SBOM) for Technology Assets, Applications and/or Services (TAAS) that lists software packages in use, including versions and applicable licenses?

Control Weighting
9
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
ESP Level 1: TDA-04.2
ESP Level 2: TDA-04.2
ESP Level 3: TDA-04.2
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control