Keysight Technologies’ SBOM Manager is a new solution designed to help organisations meet growing global cybersecurity and software transparency requirements, led by the European Union’s Cyber Resilience Act (CRA).
The solution provides a unified approach to generating, managing, and using Software Bills of Materials (SBOMs) for digital products, enabling organisations to meet regulatory obligations with greater accuracy, confidence, and consistency across the product lifecycle.
Cybersecurity regulations worldwide are converging on a common expectation: manufacturers must understand, manage, and disclose the components within their digital products, including software and firmware.
Regulations such as the EU CRA, U.S. Executive Order 14028, U.S. Food and Drug Administration (FDA) cybersecurity requirements for medical devices, and emerging frameworks in Asia are making SBOMs a foundational requirement for market access, regulatory approval, and customer trust worldwide.
Keysight SBOM Manager is designed to support this shift by addressing the practical challenges organisations face as SBOM requirements expand. The solution enables broader and more accurate visibility into digital products by analysing binary software, firmware, containers, and other packaged components, including closed-source and deeply embedded dependencies.
It continuously correlates SBOMs with multiple authoritative vulnerability sources, intelligently filters out vulnerabilities that are not applicable, and supports the use of Vulnerability Exploitability eXchange (VEX). This enables teams to focus on meaningful risk rather than being overwhelmed by raw vulnerability data.
In addition, Keysight SBOM Manager supports secure and scalable sharing of SBOMs and vulnerability information through controlled, role-based access and version tracking, helping organisations meet regulatory and customer transparency expectations.
Built-in validation and normalisation help ensure SBOMs align with evolving standards and regulatory minimum requirements, while support for SBOM consumers enables organisations to ingest, manage, and map SBOMs to deployed digital assets, connecting transparency directly to real operational environments.
Naoki Shimazaki, Fourth Design Department, Director, Software-Defined Solutions Division, Connective Engineering Division, Hitachi Industry & Control Solutions, Ltd., said: “The use of SBOMs is becoming an essential element in monitoring system security risks, including software composition management and supply chain risk management. We believe that solutions such as these, which enable visibility into system components and support vulnerability impact analysis, have significant potential to strengthen organisations’ cybersecurity efforts.”
Dmitry Raidman, Co-founder and Chief Technology Officer, CyBeats, commented: “While companies innovate at the speed of AI, they must also put tighter governance and stronger controls in place, especially as modern products increasingly rely on open source, third-party components, and AI-assisted development. Supply chain transparency and accountability are now paramount. To meet growing global regulations, organisations need the ability to continuously generate trustworthy SBOMs, correlate them with actionable vulnerability intelligence, apply VEX to reduce noise, and automate response workflows at scale. As transparency expectations expand across software, AI, cryptography, and hardware, visibility into the full digital product stack is becoming essential for secure-by-design development, regulatory readiness, and customer trust.”
Ram Periakaruppan, Vice President and General Manager, Network Test & Security Solutions at Keysight, added: “As cybersecurity regulations mature, SBOMs are becoming a prerequisite for doing business globally. Keysight SBOM Manager helps organisations meet these requirements with confidence by bringing accuracy, consistency, and scalability to SBOM generation and management.”
The EU CRA, which comes into force in 2026, requires manufacturers of connected digital products to implement cybersecurity risk management, maintain SBOMs, and report actively exploited vulnerabilities within 24 hours. Similar expectations are already in place through U.S. Executive Order 14028 and FDA cybersecurity guidance, while regulators in India, Japan, and South Korea are formalising SBOM requirements across regulated sectors. Failure to comply can result in penalties, delayed approvals, recalls, or restricted market access.
By bringing together accurate SBOM generation for digital products, continuous vulnerability intelligence, secure sharing, data quality assurance, prioritisation, and consumer-side visibility in a single platform, Keysight SBOM Manager helps organisations reduce regulatory risk, improve vulnerability response, and build greater trust across global digital supply chains.