SDLC governance briefing — NTIA defines minimum elements for SBOMs
The U.S. NTIA published the minimum elements for a Software Bill of Materials on 12 July 2021, setting expectations for dependency transparency that developer enablement teams must support.
What happened: NTIA released guidance detailing the essential data fields, automation requirements, and practices for SBOM production.
- Data model: SBOMs must include supplier, component name, version, dependency relationships, and authoring information.
- Automation: Guidance stresses tooling support for automated generation and distribution in multiple formats (SPDX, CycloneDX).
- Lifecycle: SBOMs should be updated with build pipelines and made securely available to downstream consumers.
Next steps: Align SBOM tooling with NTIA criteria, update compliance documentation, and embed SBOM generation in CI workflows.
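A CI gate for the data-model fields listed above could look like the following. This is an added example, not code from NTIA or from this briefing; it assumes the SBOM is CycloneDX JSON and maps the five fields to `metadata.authors`, `components[].supplier.name`, `name`, `version`, and `dependencies[].ref`, and the sample SBOM is constructed.

```python
import json

# Constructed sample SBOM (CycloneDX JSON); component names and versions are made up.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"authors": [{"name": "build-bot (constructed)"}]},
  "components": [
    {"bom-ref": "pkg:a", "name": "lib-a", "version": "1.2.0",
     "supplier": {"name": "Example Supplier"}},
    {"bom-ref": "pkg:b", "name": "lib-b", "version": "",
     "supplier": {"name": "Example Supplier"}},
    {"bom-ref": "pkg:c", "name": "lib-c", "version": "0.9.1"}
  ],
  "dependencies": [
    {"ref": "pkg:a", "dependsOn": ["pkg:b"]},
    {"ref": "pkg:b", "dependsOn": []}
  ]
}
""")

def check_minimum_fields(bom):
    """Return a sorted list of findings; an empty list means the gate passes."""
    findings = []
    # Authoring information: assumed to live in metadata.authors[].name.
    authors = (bom.get("metadata") or {}).get("authors") or []
    if not any((a or {}).get("name") for a in authors):
        findings.append("sbom: missing authoring information (metadata.authors)")
    # A component counts as covered if the dependency graph has an entry for it,
    # even an empty one (an explicit statement that it has no dependencies).
    declared = {d.get("ref") for d in bom.get("dependencies") or []}
    for i, comp in enumerate(bom.get("components") or []):
        ref = comp.get("bom-ref")
        label = ref or f"components[{i}]"
        if not (comp.get("supplier") or {}).get("name"):
            findings.append(f"{label}: missing supplier")
        for field in ("name", "version"):
            if not str(comp.get(field) or "").strip():
                findings.append(f"{label}: missing {field}")
        if not ref or ref not in declared:
            findings.append(f"{label}: no dependency relationship entry")
    return sorted(findings)

if __name__ == "__main__":
    problems = check_minimum_fields(SAMPLE_SBOM)
    print("\n".join(problems) or "all minimum fields present")
    raise SystemExit(1 if problems else 0)  # non-zero exit fails the CI job
```

The check covers only the fields named in this briefing; extend it if your compliance documentation tracks further elements.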