On 4 August 2023, the German Federal Office for Information Security (BSI) adopted its Technical Guideline TR-03183 on cyber resilience requirements for manufacturers and products. The Guideline outlines the concept of a Software Bill of Materials (SBOM), a machine-readable record that catalogues the components used in software applications. It emphasises the need for increased transparency and understanding of software complexity by providing information about component origins. It also discusses various types of SBOMs and their creation stages: Design SBOM, Source SBOM, Build SBOM, Analysed SBOM, Deployed SBOM, and Runtime SBOM. Legal mandates for SBOM adoption under the Cyber Resilience Act (CRA) in the EU and the US Executive Order 14028 are also mentioned.