The White House has scrapped the one‑size‑fits‑all SBOM mandate and told agency leaders to own their cyber risk. Now flexibility meets accountability
Podcast: The Federal Drive with Terry Gerton
Published On: Fri Feb 20 2026

Description: OMB’s new memo rescinds the Biden‑era requirements and shifts software and hardware security to an agency‑driven, risk‑based model. SBOMs and attestations move from “must” to “may.” That means CIOs and CISOs can tailor what they ask for from vendors, but they’ll also carry the burden of proving those choices keep mission systems safe. We’ll dig into what this change unlocks and where it could create blind spots with Jean‑Paul Bergeaux, Federal CTO at GuidePoint Security.