Cryptography Bill of Materials (CBOM)

Discover, manage, and report on cryptographic assets in preparation for a quantum-safe future.

Introduction to CBOM

Cryptography is foundational to digital security and privacy, and CycloneDX enables detailed representation of cryptographic assets within a system. This includes algorithms, keys, certificates, and their relationships to software components. Such granularity allows organizations to assess the robustness of their cryptographic implementations and address weaknesses and vulnerabilities like the use of deprecated algorithms or expired certificates.

In the context of emerging quantum threats, CycloneDX plays a pivotal role in helping organizations transition to quantum-safe cryptographic practices. By cataloging dependencies and identifying areas requiring upgrades, it supports compliance with standards such as the National Security Memorandum on Post-Quantum Cryptography. CycloneDX facilitates this journey with clarity and precision.
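As an added illustration (not code from the CycloneDX project), the following sketch audits a small constructed CBOM for the weaknesses named above: deprecated algorithms, expired certificates, and algorithms with no quantum resistance. It assumes the CycloneDX 1.6 JSON layout (cryptographic-asset components with cryptoProperties); the sample asset names, the DEPRECATED policy list, and the name-based matching are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample CBOM (CycloneDX 1.6 JSON); all names and dates are illustrative.
CBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.6",
  "components": [
    {"type": "application", "bom-ref": "app", "name": "billing-api"},
    {"type": "cryptographic-asset", "bom-ref": "alg-sha1rsa", "name": "SHA-1 with RSA-2048",
     "cryptoProperties": {"assetType": "algorithm",
       "algorithmProperties": {"primitive": "signature", "nistQuantumSecurityLevel": 0}}},
    {"type": "cryptographic-asset", "bom-ref": "alg-mlkem", "name": "ML-KEM-768",
     "cryptoProperties": {"assetType": "algorithm",
       "algorithmProperties": {"primitive": "kem", "nistQuantumSecurityLevel": 3}}},
    {"type": "cryptographic-asset", "bom-ref": "cert-old", "name": "billing.example.test",
     "cryptoProperties": {"assetType": "certificate",
       "certificateProperties": {"notValidAfter": "2020-01-01T00:00:00Z"}}}
  ],
  "dependencies": [{"ref": "app", "dependsOn": ["alg-sha1rsa", "alg-mlkem", "cert-old"]}]
}
""")

DEPRECATED = ("MD5", "SHA-1", "3DES", "RC4")  # local policy list (assumption), not from the spec

def audit(bom, now=None):
    """Return sorted (consumer, asset bom-ref, finding) tuples for crypto assets in a CBOM."""
    now = now or datetime.now(timezone.utc)
    used_by = {}  # asset bom-ref -> components that depend on it
    for dep in bom.get("dependencies", []):
        for ref in dep.get("dependsOn", []):
            used_by.setdefault(ref, []).append(dep["ref"])
    findings = []
    for comp in bom.get("components", []):
        if comp.get("type") != "cryptographic-asset":
            continue
        props, issues = comp.get("cryptoProperties", {}), []
        if props.get("assetType") == "algorithm":
            if any(d in comp["name"].upper() for d in DEPRECATED):
                issues.append("deprecated-algorithm")
            if props.get("algorithmProperties", {}).get("nistQuantumSecurityLevel") == 0:
                issues.append("not-quantum-safe")
        elif props.get("assetType") == "certificate":
            end = props.get("certificateProperties", {}).get("notValidAfter")
            if end and datetime.fromisoformat(end.replace("Z", "+00:00")) < now:
                issues.append("expired-certificate")
        for consumer in used_by.get(comp["bom-ref"], ["<unreferenced>"]):
            findings += [(consumer, comp["bom-ref"], i) for i in issues]
    return sorted(findings)
```

Each finding is attributed to the component that depends on the asset, which is what turns a list of weak primitives into a list of systems that need upgrading.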

Highlights

  • Provides transparency into cryptographic assets like algorithms, keys, and certificates.
  • Assesses resilience against deprecated algorithms and quantum threats.
  • Enables proactive management of cryptographic assets and policies.
  • Aligns with post-quantum cryptography standards.

Expected Outcomes

  • Enhanced cryptographic agility and preparedness for quantum-safe practices.
  • Reduced risk from weak or mismanaged cryptographic implementations.
  • Streamlined compliance with cryptographic policies and standards.
  • Improved visibility into cryptographic dependencies and security posture.