OMB Memorandum M-26-05 directs federal agencies to implement a risk-based approach to software and hardware security, emphasizing flexibility over compliance-driven frameworks. The memo rescinds prior policies (M-22-18 and M-23-16) that focused heavily on standardized software supply chain requirements, citing inefficiencies and limited effectiveness. Agencies are instead instructed to develop tailored security assurance processes based on mission needs and comprehensive risk assessments. The guidance highlights the importance of maintaining inventories, leveraging SBOMs, and referencing frameworks such as NIST SP 800-218 and CISA guidance to strengthen supply chain security.

| Publisher: | The White House |
| Published: | January 23, 2026 |
| License: | Public Domain |