The following pages will guide device operators, on how to deal with SBOMs in practical manner.
Step 1: contact your supplier and inform them about your requirements for SBOMs
Step 2: set out procurement guidelines
Step 3: evaluate procurement proposals and proposed hardware & software
Step 4: evaluate SBOM and investigate dependencies
Step 5: integrate an automated vulnerability reporting system into the Security Operations Center
Step 6: exercise incidents on a regular basis
Step 7: ensure there is an automated update process in place