The White House scrapped SBOMs in favor of agency-managed cyber risk. Flexibility, meet accountability.

February 20, 2026 – Published on Federal News Network

OMB’s new memo rescinds the Biden‑era requirements and shifts software and hardware security to an agency‑driven, risk‑based model. SBOMs and attestations move from “must” to “may.” That means CIOs and CISOs can tailor what they ask for from vendors, but they’ll also carry the burden of proving those choices keep mission systems safe.

Jean‑Paul Bergeaux, Federal CTO at GuidePoint Security, joined The Federal Drive with Terry Gerton to dig into what this change unlocks and where it could create blind spots.
