In a significant step to enhance the security of its software supply chain, the U.S. Army will require all software vendors working with the Army to generate and deliver Software Bills of Materials (SBOMs) starting in February 2025. This new mandate, part of broader federal cybersecurity initiatives, aims to provide transparency into the software components used in mission-critical systems and to mitigate supply chain risks.
Under this new directive from the Assistant Secretary of the Army for Acquisition, Logistics, and Technology, all Army contractors must include an SBOM with every software product delivered to the Army, including commercial off-the-shelf (COTS) software, open-source software, and proprietary code. Program Executive Offices (PEOs) and Program Managers (PMs) will be responsible for securely managing these SBOMs and monitoring them for vulnerabilities throughout the software lifecycle.
Vigilant Ops Positioned to Help Vendors Meet Compliance Requirements:
Vigilant Ops, a leading SBOM lifecycle management solutions provider, is uniquely positioned to support Army suppliers in meeting this new requirement. The company’s platform enables organizations to seamlessly generate, monitor, and manage SBOMs in compliance with Army and Department of Defense (DoD) regulations. Vigilant Ops provides an automated, scalable solution for SBOM generation, secure storage, and real-time monitoring of vulnerabilities across software components.
“As the Army takes this essential step to secure the software supply chain, we’re here to ensure that contractors and suppliers are fully prepared to meet these evolving requirements,” said Ken Zalevsky, CEO of Vigilant Ops. “Our platform streamlines the entire SBOM process, from generation to continuous monitoring, empowering organizations to stay ahead of compliance demands while enhancing their overall security posture.”
Key Features of Vigilant Ops’ SBOM Lifecycle Management Platform:
- Automated SBOM Generation: Vigilant Ops’ platform automates the creation of compliant SBOMs, ensuring suppliers meet the Army’s mandate, Executive Order 14028, and other regulatory requirements.
- Continuous Vulnerability Monitoring: The platform provides real-time vulnerability information sourced from trusted databases like the National Vulnerability Database (NVD) and GitHub Security Advisories (GHSA), allowing vendors to identify and address risks quickly.
- Secure SBOM Management and Sharing: Vigilant Ops offers secure, scalable SBOM storage, allowing vendors to manage and share SBOMs securely while tracking vulnerabilities throughout the software lifecycle.
- Compliance Reporting: The platform includes built-in reporting tools to help suppliers demonstrate compliance with Army and DoD SBOM requirements, ensuring smooth audits and reducing compliance burdens.
The Army’s new SBOM mandate reflects the growing awareness of the risks posed by third-party software components. SBOMs offer a transparent view of the software supply chain, enabling organizations to proactively manage vulnerabilities and respond to threats faster. This new policy underscores the Army’s commitment to securing its mission-critical systems and improving its incident response capabilities.
Vendors and contractors working with the U.S. Army are encouraged to begin preparing now for the February 2025 SBOM mandate. Vigilant Ops is ready to partner with suppliers to ensure a smooth transition to SBOM compliance. With automated SBOM generation, secure storage, and continuous monitoring, the Vigilant Ops platform provides a comprehensive solution for managing SBOMs at scale.
To learn more about how Vigilant Ops can help your organization comply with the Army’s new SBOM requirements, email info@vigilant-ops.com.