Trump's new Cybersecurity EO eliminates these provisions from Biden's last Cybersecurity EO:

Mandatory, machine-readable attestations from every federal software supplier that they follow NIST’s Secure Software Development Framework (SSDF).

A CISA-run Repository for Software Attestations & Artifacts (RSAA) plus a program that randomly validates those filings and publicly names vendors that fail.

New FAR clauses forcing every agency to buy only from suppliers that file acceptable attestations.

Escalation path to DOJ for vendors that lie in an attestation.

The centralized requirement to hand over an SBOM (or any validating artifact) for every piece of software the government buys has been removed. However, SBOMs still exist in federal policy, and any individual agency can continue to demand them under EO 14028 and existing OMB or DoD guidance.