U.S. House Passes Supply Chain Security Bill

vigilantops

As part of the response to recent hacks, the United States House of Representatives voted on and passed the DHS Software Supply Chain Risk Management Act of 2021 on October 20, 2021, by a vote of 412-2. The Act covers both new and existing contracts with the Department of Homeland Security (DHS).

As a Condition on the Award of Contracts

Contractors must submit a bill of materials, defined in this Act as “a list of the parts and components (whether new or reused) of an end product or service, including, with respect to each part and component, information relating to the origin, composition, integrity, and any other information as determined appropriate by the Under Secretary.”

Continuous SBOM Updates Required

When information in an SBOM changes, contractors are required to submit an update to that SBOM. “…in the case of a change to the information included in a bill of materials…each contractor shall submit…the update to such bill of materials, in a timely manner.”

SBOMs Certified Using the National Vulnerability Database (NVD)

Items listed on the bill of materials must be “…free from all known vulnerabilities or defects affecting the security of the end product or service identified in the National Institute of Standards and Technology National Vulnerability Database…” In other words, product risk analysis must include investigation into component vulnerabilities and their potential impact on the security of the product and on software supply chain risk.

Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.

For more information about Vigilant Ops or the InSight Platform, please visit our website at www.vigilant-ops.com

Matt Lentine
412-704-4602
