H. Rept. 117-120: DHS Software Supply Chain Risk Management Act of 2021, Report to Accompany H.R. 4611, September 14, 2021
From the Purpose and Summary: "H.R. 4611, the 'DHS Software Supply Chain Risk Management Act of 2021,' seeks to enhance the Department of Homeland Security's (DHS) ability to protect its networks from malicious cyberattacks by modernizing how the Department procures information and communications technology or services (ICT(S)). The bill would require the Under Secretary for Management (USM) to issue Department-wide guidance to improve DHS's insight into the software it purchases from new and existing ICT(S) contractors. Specifically, contractors are to provide DHS with a software bill of materials that identifies key information, such as the origin of each part or component of new or reused software supplied to the Department. Contractors are also required to certify that each item listed on the software bill of materials is free from all known vulnerabilities or defects that affect the security of supplied ICT(S) capabilities and to notify DHS of any identified issues and plans for addressing them. The Comptroller General, in turn, is required to report to Congress on DHS's implementation of the guidance required by this Act, engagement with industry, and compliance with Executive Order 14208 related to improving the Nation's cybersecurity, among other things."
H. Rept. 117-120; House Report 117-120
U.S. Government Publishing Office: http://www.gpo.gov/