There has been a movement for a "software bill of materials" (SBOM) for devices that was originally championed at the NTIA (Dept of Commerce) https://www.ntia.doc.gov/SoftwareTransparency It has since moved over to CISA https://www.cisa.gov/sbom
The tool advertised in this article is focused on managing software components. Generating SBOMs seems to be a key function.
Healthcare and medical devices have been on the forefront of the movement with proof of concept collaboration between manufacturers and healthcare providers.
There are a few SBOM formats out there:
SWID (NIST) - https://nvd.nist.gov/products/swid
SPDX (Linux Foundation) - https://spdx.dev/
CycloneDX (OWASP) - https://cyclonedx.org/
SBOMs are making their way into laws and regulations:
May 12, 2022 - Executive order on security that among other things requires SBOMs for federal procurement
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
April 2022 - The FDA released a *draft* of the "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions"... the security requirements to get a medical device. SBOMs are included in those requirements. They also appeared in a previous draft in 2018(?)
April 2022 - the Patch Act that was introduced to bolster healthcare IT security that includes SBOM for medical devices.
There’s a lot if anyone is interested.
-Chad
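As an added illustration of the SBOM formats listed in the post (not code from the poster or from the tool the article describes), the following Python script builds a minimal CycloneDX 1.4 JSON document for a constructed device firmware inventory and then checks it for the completeness problems a consumer cares about: components with no version (which cannot be matched against advisories) and duplicate entries. The product name, component list and package URLs are made up for the example.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample inventory: what a build system might know about a
# device firmware image. These are made-up components, not a real product.
SAMPLE_COMPONENTS = [
    {"name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
    {"name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
    {"name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},  # duplicate
    {"name": "busybox", "version": "", "purl": "pkg:generic/busybox"},  # version unknown
]


def build_cyclonedx(product_name, product_version, components):
    """Return a CycloneDX 1.4 document (as a dict) describing a device.

    Only the core fields are emitted: bomFormat, specVersion, serialNumber,
    version, metadata.component (the thing the SBOM describes) and the
    flat list of components it contains.
    """
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            # "device" is one of the component types the 1.4 schema allows.
            "component": {
                "type": "device",
                "name": product_name,
                "version": product_version,
            },
        },
        "components": [
            {
                "type": "library",
                "name": c["name"],
                "version": c["version"],
                "purl": c["purl"],
            }
            for c in components
        ],
    }


def check_sbom(doc):
    """Return a list of findings about an SBOM a consumer has received.

    A healthcare provider matching the SBOM against vulnerability feeds
    needs a version for every component; duplicates usually mean the
    generator merged inventories carelessly.
    """
    findings = []
    if doc.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat is not CycloneDX")
    if "components" not in doc:
        findings.append("document has no components list")
        return findings

    seen = set()
    for c in doc["components"]:
        name = c.get("name", "<unnamed>")
        if not c.get("version"):
            findings.append(f"component {name!r} has no version; it cannot be matched to advisories")
        key = (name, c.get("version"))
        if key in seen:
            findings.append(f"component {name!r} {c.get('version')!r} appears more than once")
        seen.add(key)
    return findings


def load_and_check(text):
    """Parse a CycloneDX JSON string as a receiver would and check it."""
    return check_sbom(json.loads(text))


if __name__ == "__main__":
    sbom = build_cyclonedx("demo-infusion-pump", "2.0.3", SAMPLE_COMPONENTS)
    serialized = json.dumps(sbom, indent=2)
    print(serialized)
    for finding in load_and_check(serialized):
        print("FINDING:", finding)
```

Running it prints the generated document followed by two findings: the busybox entry has no version and zlib is listed twice. The same checks apply unchanged to an SBOM received from a vendor, since `load_and_check` only needs the JSON text.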