
Cryptography Bill of Materials (CBOM)

Analogous to a software bill of materials (SBOM), which lists every software component in a product, a CBOM is a complete inventory of every encryption algorithm, key, certificate, and cryptographic library an organisation uses, and exactly where each one lives in its systems. US Executive Order 14409 requires NIST to define the minimum elements of a CBOM, making it a new compliance deliverable for federal agencies and contractors.
Most organisations have no idea where all their encryption is deployed, which makes migration to quantum-resistant standards nearly impossible until this inventory exists. For any organisation with US government contracts, a CBOM will become a mandatory compliance artefact within months.
References
White House Executive Order 14409 — Securing the Nation Against Advanced Cryptographic Attacks