Last updated Feb 18, 2026, 2:55 AM UTC

CM-8(10) If an enterprise uses an open source project that does not have an SBOM and the enterprise requir...

Control Description

If an enterprise uses an open source project that does not have an SBOM and the enterprise requires one, the enterprise will need to 1) contribute SBOM generation to the open source project, 2) contribute resources to the project to add this capability, or 3) generate an SBOM on their first consumption of each version of the open source project that they use.

Cross-Framework Mappings
