@@ -2737,7 +2737,7 @@ Early versions of this document had a section about SBOM requirements.
Removed requirements:
These requirements are generally binding, and there is no low-medium-high tiering available.
The requirements in 5.2.5 apply to all NMS products and are not subject to low-, medium-, or high-tier differentiation, because the SBOM is a baseline transparency and dependency-management artifact needed to support vulnerability handling, update management, and product assessment across all deployment contexts.
-**[REQ-SBOM-0]:** Operating system dependencies and application dependencies shall be clearly separated in the provided SBOM.
-**[REQ-SBOM-1a]:** Unique, unambiguous, and machine-readable identification of all components and dependencies shall be provided in the SBOM.