Golden Dome Requires Firmware Bills of Materials, SBOMs, and Other Supply Chain Security Measures

In May 2025, the U.S. Secretary of Defense announced support for the Golden Dome for America (GDA). The project is a next-generation missile defense shield to be integrated with existing U.S. air and missile defense systems.
The memo announcing support for GDA lists several requirements for vendors providing hardware and software for the project, with a heavy emphasis on software and supply chain security. The memo references the importance of adhering to NIST 800-53r5 for cyber risk management, and specifically notes NIST 800-161 for Cybersecurity Supply Chain Risk Management (C-SCRM).
In particular, the memo describes several Bills of Materials that will be required from vendors participating in Golden Dome, including Hardware, Software, and Firmware BOMs.
Eclypsium’s Support for the Golden Dome for America (GDA) Project
Eclypsium’s platform is designed to assist with the cybersecurity requirements for the Golden Dome for America (GDA) program, particularly by focusing on foundational security layers that are often overlooked by traditional security tools. Its core capabilities directly address key GDA requirements related to supply chain risk management, software integrity, and regulatory compliance.
How Eclypsium Supports Specific Golden Dome SBOM and C-SCRM Requirements
Eclypsium directly supports many of the requirements in the Secretary of Defense memo on the Golden Dome program, and peripherally supports others. Here’s a quick summary of what the memo says, and how Eclypsium can contribute to the success of the program for vendors and for the DoD at large.

| Golden Dome Program Requirement | Eclypsium Support |
| --- | --- |
| “Each vendor will provide a complete bill of materials. The contents of the xBOM will include the Hardware BOM, Software BOM, Firmware BOM, Microelectronics BOM, Chemical BOM, and Raw Materials BOM” | Supply Chain Risk Management and xBOM Generation: Eclypsium provides an automated and continuous way to manage the security of the entire device supply chain. It can automatically generate a comprehensive Bill of Materials (xBOM), including Hardware, Firmware, and Software components (HBOM, FBOM, and SBOM). This gives GDA the transparency needed to protect against supply chain attacks and ensures all technology components have valid provenance. The platform can also detect and verify the integrity of all components, including open-source and proprietary ones, to ensure they haven’t been tampered with or replaced with counterfeit parts. |
| “Software integrity is key to protecting Federal systems from nation state and criminal actors seeking to disrupt our Nation’s critical functions” | Software Integrity and Tamper Protection: The platform focuses on security below the operating system level, which is a common target for sophisticated adversaries. It continuously monitors and alerts for any changes that could indicate a compromise. Eclypsium can perform cryptographic checks on firmware and detect malicious modifications, which aligns with GDA’s requirements for secure software development and its tamper protection program. It can also identify threats like rootkits and bootkits that are designed to evade standard security controls. |
| “The ability to manage supply chain risk is fundamentally tied to an ability to know the suppliers of all components and services used for mission execution. All vendors must document, monitor, and maintain valid provenance of the system components, and ensure system components are genuine.” | Regulatory Compliance and Documentation: Eclypsium’s capabilities align with important NIST standards, such as SP 800-161 (Supply Chain Risk Management) and SP 800-193 (Platform Firmware Resiliency). The platform helps with GDA’s documentation and audit requirements by generating detailed inventories of hardware, software, and firmware. This information assists vendors in providing the necessary artifacts for security authorization and ensuring compliance. |

To learn more about how Eclypsium secures Federal and Department of Defense Systems, check out our Eclypsium Public Sector Solutions page.