Safeguard Documentation Center
EO 14028 and regulatory compliance verification

Compliance

Portal provides automated compliance verification for EO 14028, FedRAMP, and other regulatory requirements.

EO 14028 Compliance

Executive Order 14028 requires software vendors selling to the US government to provide SBOMs meeting specific criteria.

Automated Verification

Portal automatically validates SBOMs against EO 14028 requirements:

Requirement        Description                          Status
Minimum Fields     All NTIA minimum fields present      ✅/❌
Component ID       Unique identifiers for all components ✅/❌
Supplier Info      Vendor/supplier data included        ✅/❌
Version Info       Specific version details             ✅/❌
Dependencies       Relationships defined                ✅/❌
Hash Values        Cryptographic verification           ✅/❌

Compliance Score

Each SBOM receives a compliance score:

  • 100% - Fully compliant
  • 80-99% - Minor gaps
  • 50-79% - Significant gaps
  • Below 50% - Major remediation needed

Gap Analysis

View specific gaps and remediation steps:

  1. Open the SBOM
  2. Navigate to Compliance tab
  3. View the gap analysis
  4. Follow remediation guidance

FedRAMP Compliance

For organizations requiring FedRAMP certification:

  • FedRAMP HIGH control mapping
  • IL7 (Impact Level 7) support
  • Continuous monitoring integration
  • Control inheritance documentation

NTIA Minimum Elements

The NTIA defines minimum SBOM elements:

Element                  Description
Supplier Name            Name of the entity that creates/distributes the component
Component Name           Name assigned to the component
Version                  Version identifier
Unique Identifier        PURL, CPE, or other unique ID
Dependency Relationship  Upstream/downstream relationships
Author                   Name of the SBOM author
Timestamp                Date/time of SBOM generation
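As an added example that is not part of Portal's own code, the following Python checker runs the EO 14028 and NTIA element checks from the two tables above over a constructed CycloneDX-style SBOM and maps the result onto the score bands listed under Compliance Score. The equal-weight scoring, the JSON field names and the sample SBOM are assumptions for illustration, not Portal's actual algorithm or input format.

```python
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM fragment used as sample input (not a real product SBOM).
SAMPLE_SBOM = {
    "metadata": {"timestamp": "2024-01-15T10:00:00Z", "authors": [{"name": "Build Pipeline"}]},
    "components": [
        {"name": "libfoo", "version": "1.2.3", "purl": "pkg:generic/libfoo@1.2.3",
         "supplier": {"name": "Foo Inc"}, "hashes": [{"alg": "SHA-256", "content": "ab"}]},
        # Second component is deliberately incomplete: no version, identifier or hashes.
        {"name": "libbar", "version": "", "supplier": {"name": "Bar Ltd"}},
    ],
    "dependencies": [{"ref": "pkg:generic/libfoo@1.2.3", "dependsOn": []}],
}

def check_sbom_elements(sbom: dict) -> Dict[str, bool]:
    """One pass/fail flag per NTIA minimum element, plus the EO 14028 hash check."""
    comps = sbom.get("components", [])
    meta = sbom.get("metadata", {})
    # Refs that appear in the dependency graph; every component should be present.
    refs = {d.get("ref") for d in sbom.get("dependencies", [])}

    def every(pred) -> bool:
        return bool(comps) and all(pred(c) for c in comps)

    return {
        "Supplier Name": every(lambda c: bool(c.get("supplier", {}).get("name"))),
        "Component Name": every(lambda c: bool(c.get("name"))),
        "Version": every(lambda c: bool(c.get("version"))),
        "Unique Identifier": every(lambda c: bool(c.get("purl") or c.get("cpe") or c.get("bom-ref"))),
        "Dependency Relationship": every(lambda c: (c.get("bom-ref") or c.get("purl")) in refs),
        "Author": bool(meta.get("authors")),
        "Timestamp": bool(meta.get("timestamp")),
        "Hash Values": every(lambda c: bool(c.get("hashes"))),
    }

def compliance_score(results: Dict[str, bool]) -> int:
    """Assumed scoring: equal weight per check, truncated to a whole percent."""
    return (100 * sum(results.values())) // len(results)

def score_band(score: int) -> str:
    """Map a score onto the bands documented on this page."""
    if score == 100:
        return "Fully compliant"
    if score >= 80:
        return "Minor gaps"
    if score >= 50:
        return "Significant gaps"
    return "Major remediation needed"

def gap_report(sbom: dict) -> Tuple[int, str, List[str]]:
    """Score, band, and the list of failed elements needing remediation."""
    results = check_sbom_elements(sbom)
    score = compliance_score(results)
    return score, score_band(score), [k for k, ok in results.items() if not ok]
```

The sample lands exactly on the 50% boundary, which the band mapping treats as "Significant gaps" rather than "Major remediation needed".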

Compliance Reports

Generate audit-ready reports:

  1. Select SBOMs for reporting
  2. Choose report type:
    • EO 14028 Compliance Report
    • NTIA Minimum Elements Report
    • Gap Analysis Report
    • Full Audit Package
  3. Export as PDF or Excel
  4. Include supporting documentation

Automated Remediation

Fix common compliance gaps automatically:

  • Add missing supplier information
  • Generate unique identifiers
  • Complete dependency mapping
  • Add required timestamps
