NIAP: Labgram #117 - Labgram #117/Valgram #136 – SBOM Process

Labgram #117/Valgram #136 – SBOM Process

Validators and CCTLs,

 

This labgram clarifies NIAP expectations regarding the SBOM process as required by NIAP Policy 30. To ease the transition of submitting SBOMs as part of the NIAP evaluation process, sync sessions will be required to evaluate the quality of the SBOMs. Following kick-off, a mandatory sync session must be scheduled with NIAP to ensure the SBOM meets requirements. Further sync sessions may be requested by NIAP or the CCTL.

In addition to satisfying the requirements in NIAP Policy 30, the CCTL must:

· Explain how the SBOM will be used in the vulnerability assessment process.

· Act as the intermediary between NIAP and the vendor to ensure a complete SBOM acceptable to NIAP.

If you have any questions or concerns, please contact us at 410-854-4458 or by email at niap@niap-ccevs.org.

 

Thank you, 

 

NIAP Staff


Posted on 2024-03-04 by NIAP Staff

 