(i) By August 1, 2025, the Secretary of Commerce, acting through the Director of NIST, shall establish a consortium with industry at the National Cybersecurity Center of Excellence to develop guidance, informed by the consortium as appropriate, that demonstrates the implementation of secure software development, security, and operations practices based on NIST Special Publication 800–218 (Secure Software Development Framework (SSDF)).
I was asked my opinion if the June 6 Cybersecurity Executive Order would change which US Government Agency will be responsible for providing official SBOM implementation guidance. IMO, I believe NIST will continue to retain responsibility for providing official US Government guidance for SBOM implementation: https://www.linkedin.com/posts/richard-dick-brooks-8078241_software-security-in-supply-chains-software-activity-7337613259493007360-wFiI?utm_source=share&utm_medium=member_desktop&rcm=ACoAAABMsYcB3I6zhtjaqBqVcePEOQqxsZNzj5E