We'll drop SBOMs on UK.gov to solve Telecoms Security Bill's technical demands, beams Cisco
Britain's Telecoms Security Bill will be accompanied by a detailed code of practice containing 70 specific security requirements for telcos and their suppliers to meet, The Register can reveal.
The Telecoms Security Bill, which is near the end of its journey through Parliament, has been rather unpopular with some ISPs, who have previously complained about the high cost of compliance.
Now El Reg can reveal more about the detailed requirements due to be imposed on the industry, thanks to Cisco publishing a detailed paper [PDF] explaining how it already complies with UK.gov and National Cyber Security Centre requirements.
SBOMs as a security management concept have come in for some criticism recently because they could create the illusion that picking one specific software library means "Job done, it's secure", without setting the expectation that the library will need updating in future.
Other key inclusions in the Vendor Annex include provision of secure boot and security testing, along with a specific requirement that there are "No undocumented administrative mechanisms", something that's caught Cisco out in the past, among others.
While the document will be undergoing more revisions over the coming months, the TSB's proposed requirement to log 13 months of "All access" to networks by users will continue to worry privacy and security advocates alike.