OMB has issued new guidance adopting a risk-based approach to federal software and hardware security, rescinding prior mandates under M-22-18 and M-23-16.

Agencies must retain complete inventories but may now choose whether to require secure development attestations and SBOMs. The scope also expands to explicitly include hardware supply chain risk.

How does this affect assurance and third-party risk management?

Source: https://www.whitehouse.gov/wp-content/uploads/2026/01/M-26-05-Adopting-a-Risk-based-Approach-to-Software-and-Hardware-Security.pdf
