📜Request for Comment on 2025 SBOM Minimum Elements by CISA
The Cybersecurity and Infrastructure Security Agency (CISA) announces the publication and request for public comment on draft guidance entitled, "2025 Minimum Elements for a Software Bill of Materials (SBOM)" (2025 CISA SBOM Minimum Elements), which updates the elements of an SBOM to reflect improvements in SBOM tooling and increased maturity of SBOM implementation. CISA requests input on the clarifications and enhancements in the proposed voluntary guidance.
Learn More🛡️Extension Notice for CISA Visitor Request Form Information Collection
The Office of the Chief Security Officer (OCSO) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance.
Learn More🛡️CISA Announces Information Collection for Speaker Request Form
The Office of the Chief External Affairs Officer (EA) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this information collection request (ICR) in the Federal Register on May 29, 2025 for a 60-day public comment period. Zero comments were received by CISA. The purpose of this notice is to allow additional 30-days for public comments.
Learn More🛡️CISA Announces Vulnerability Reporting Submission Form
The Vulnerability Management (VM) subdivision within Cybersecurity and Infrastructure Security Agency (CISA) submits the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. CISA previously published this ICR in the Federal Register on October 30, 2024, for a 60-day public comment period. CISA received one comment. The purpose of this notice is to allow an additional 30-days for public comments.
Learn More🔐CISA Notice on Actively Exploited Vulnerability Submission Form
The Vulnerability Management (VM) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review. CISA previously published this ICR in the Federal Register on February 29, 2024, for a 60-day public comment period. One comment was received by CISA. The purpose of this notice is to allow an additional 30 days for public comments.
Learn More🛡️CISA Information Collection Request
The OFFICE FOR BOMBING PREVENTION (OBP) within Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. CISA previously published this information collection request (ICR) in the Federal Register on January 10th, 2025, for a 60-day public comment period. ZERO comments were received by CISA. The purpose of this notice is to allow additional 30-days for public comments.
Learn More💣New Information Collection Request for Bombing Prevention Activities
The Office for Bombing Prevention (OBP) within Cybersecurity and Infrastructure Security Agency (CISA) will submit the following new Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review.
Learn More🛡️CISA Cybersecurity Speaker Request Form Information Collection Notice
The External Affairs (EA) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance.
Learn More🔒CISA's New Vendor Engagement Registration Process
The Office of the Chief Acquisition Executive (OCAE) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following information for a new Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this ICR in the Federal Register on June 24, 2024, for a 60-day public comment period. One comment was received by CISA. The purpose of this notice is to allow additional 30-days for public comments.
Learn More🛡️CISA's New Incident Reporting Requirements
The Cybersecurity Division (CSD) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this information collection request (ICR) in the Federal Register on October 7, 2024, for a 60-day public comment period. Three (3) comments were received by CISA. One unrelated public comment was submitted. The purpose of this notice is to allow additional 30-days for public comments.
Learn More