SPECIAL NOTICE
99 -- Software Bills of Material (SBOMs) Request for Information
- Notice Date
- 9/15/2023 2:27:49 PM
- Notice Type
- Special Notice
- Contracting Office
- W6QK ACC-APG ABERDEEN PROVING GROU MD 21005-5001 USA
- ZIP Code
- 21005-5001
- Response Due
- 10/13/2023 2:00:00 PM
- Archive Date
- 10/28/2023
- Point of Contact
- James Caseja, Thomas Cummings
- E-Mail Address
- james.p.caseja2.civ@army.mil, thomas.a.cummings16.civ@army.mil
- Description
- Request for Information
  Assistant Secretary of the Army for Acquisition, Logistics & Technology
  Office of the Deputy Assistant Secretary of the Army for Data, Engineering, and Software
  15 September 2023

  This Request for Information (RFI) seeks industry feedback on approaches being considered to improve the Army's software supply chain security through proactive monitoring and mitigation of critical vulnerabilities. In response to Executive Order 14028, OMB Guidance M23-18 and M23-16, the Army is evaluating the following measures:

  - Incorporate contract language that requires submission of vendor compliance with the Secure Software Development Framework (SSDF) through a legally binding Attestation Letter for all future software, components, and versions delivered to the Army.
  - Incorporate contract language that requires a Software Bill of Materials (SBOM) as a primary artifact to address EO and OMB guidance for Army software-intensive systems using common standardized formats.
  - Incorporate contract language that requires vendors who do not deliver an SBOM to self-monitor for critical vulnerabilities in all third-party software components, including open-source components.
  - Encourage programs to perform software composition analysis of components and self-generate an SBOM as a best practice when vendors do not deliver an SBOM.
  - Operationalize SBOMs by performing continuous monitoring, risk analysis, and mitigation.

  The Army seeks your feedback on alternatives to our approach, how to motivate SBOM delivery from vendors, share best practices, and better inform our software supply chain risk management strategy. See Attachment for detailed information and RESPONSE INSTRUCTIONS. Parties interested in Software Bill of Materials (SBOM) are encouraged to sign up on the interested vendor list (IVL) in SAM.gov and follow the RFI to receive updates on this notice.

  Disclaimer

  This RFI is issued solely for information and planning purposes. This RFI is not a solicitation and is not to be construed as a commitment by the Government to issue a solicitation or ultimately award a contract. Responses will not be considered as proposals, nor will any award be made as a result of this request. Federal Acquisition Regulation (FAR) clause 52.215-3, "Request for Information or Solicitation for Planning Purposes", is incorporated by reference. The Government does not intend to reimburse respondents for any costs associated with the submission of their responses to this RFI; respondents to this RFI are solely responsible for all expenses associated with responding. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received in response to this RFI that is marked "Proprietary" will be handled accordingly. Please be advised that all submissions become Government property and will not be returned, nor will receipt be confirmed. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. Responses from this RFI will be used to formatively shape broad Army guidance for acquiring software solutions. Response content may be aggregated and anonymously published into summary documentation to facilitate such guidance. Any publications resulting from this RFI will be non-attributional, and RFI respondents' consent for their responses to be used for such purposes.
- Web Link
- SAM.gov Permalink (https://sam.gov/opp/e2156ae3d97d48acbb67f82ce3368fa7/view)
- Record
- SN06833138-F 20230917/230915230056 (samdaily.us)
- Source
- SAM.gov Link to This Notice (may not be valid after Archive Date)