Skip to content

Cybersecurity threats have been increasing across all sectors, and there is much interest by stakeholders to reduce risks in strategies to reduce risks. In response to these challenges, in 2021, the Biden Administration developed and released Executive Order 14028 “Improving the Nation’s Cybersecurity,” in which the White House directed that the “Secretary of Commerce […] shall issue guidance identifying practices that enhance the security of the software supply chain.”

This report is intended to provide recommendations to all aviation stakeholders, including government and regulatory agencies, aircraft operators, aircraft manufacturers, and their suppliers for how SBoMs and related vulnerability identification and management should be effectively and efficiently implemented and utilized within the civil aviation sector. This will include addressing needed updates to industry standards as well as developing new capabilities to maintain and share SBoM-related information rapidly across the industry to facilitate both vulnerability and incident response.

1000 Wilson Boulevard, Suite 1700
Arlington, VA 22209-3928