
Code · BILL · 117th Congress · S. 4543 (Reported in Senate) — To authorize appropriations for fiscal year 2023 for military activities of the Department of Defense, for military c... · Sec. 1627

Sec. 1627. Requirement for software bill of materials


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Secretary of Defense shall amend the Department of Defense Supplement to the Federal Acquisition Regulation to require a software bill of materials (SBOM) for all noncommercial software created for or acquired by the Department of Defense. The amendment required by paragraph (1) may provide for waivers that require approval by an official whose appointment is subject to confirmation by the Senate.

The Chief Information Officer, the Under Secretary of Defense for Acquisition and Sustainment, and the Under Secretary of Defense for Research and Engineering shall jointly submit to the Secretary recommendations regarding the content of the amendment required by subsection (a).

The Secretary shall conduct a study of the feasibility and advisability of acquiring a software bill of materials for software already acquired by the Department. Not later than 270 days after the date of the enactment of this Act, the Secretary shall provide the congressional defense committees a briefing on the findings of the Secretary with respect to the study conducted under paragraph (1) and such recommendations as the Secretary may have with respect to acquiring a software bill of materials for software already acquired by the Department.

Not later than one year after the date of the enactment of this Act, the Secretary shall, in consultation with industry, develop an approach for commercial software in use by the Department and future acquisitions of commercial software that provides, to the maximum extent practicable, policies and processes for operationalizing software bills of materials to enable the Department to understand promptly the cybersecurity risks to Department capabilities posed by discoveries of vulnerabilities and compromises in commercial and open source software.

Not later than 180 days after the date of the enactment of this Act, the Secretary shall issue a request for information from the public and private sectors regarding technical and procedural options to identify software deployed in the Department to enable risk assessments and patching of security vulnerabilities when such vulnerabilities are discovered in the absence of reliable bills of materials. Not later than one year after the date of the enactment of this Act, the Secretary shall provide the congressional defense committees a briefing on the findings of the Secretary with respect to the solicitation for information under paragraph (1).

In this section, the term software bill of materials means a complete, formally structured list of components, libraries, and modules that are required to build, compile, and link a given piece of software and an identification of the provenance and supply chain relationships between them.