# EO 14028 checks

### Minimum fields

EO 14028 checks correspond to the minimum elements in an SBOM as described by <https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf>

The table below lists the minimum elements. Some of these fields are at a SBOM level and the others are applicable for each component in the SBOM.

<table><thead><tr><th width="248">Data Field</th><th>Description</th></tr></thead><tbody><tr><td>SBOM Timestamp</td><td>Record of the date and time of the SBOM data creation</td></tr><tr><td>SBOM Author</td><td>The name of the entity that creates the SBOM data for this component</td></tr><tr><td>SBOM dependencies</td><td>Characterizing the relationship that a component X is included in software Y</td></tr><tr><td>Component Name</td><td>Designation assigned to a unit of software defined by the original supplier</td></tr><tr><td>Component Version</td><td>Version assigned to a unit of software defined by the original supplier</td></tr><tr><td>Component Supplier Name</td><td>The name of an entity that creates, defines, and identifies components</td></tr><tr><td>Component Unique Identifiers</td><td>Identifiers that are used to identify a component (like PURL, BomRefId etc)</td></tr></tbody></table>

### Mapping of minimum fields&#x20;

Below is a table mapping the NTIA minimum SBOM fields to SPDX and CycloneDX

|                         | SPDX                                       | CycloneDX                                                        |
| ----------------------- | ------------------------------------------ | ---------------------------------------------------------------- |
| SBOM Timestamp          | (2.9) Created:                             | metadata/timestamp                                               |
| SBOM Author             | (2.8) Creator:                             | metadata/authors/author                                          |
| SBOM dependencies       | (7.1) Relationship: DESCRIBES CONTAINS     | Inherent in nested assembly/subassembly and/or dependency graphs |
| Component Name          | (3.1) PackageName:                         | name                                                             |
| Component Version       | (3.3) PackageVersion:                      | version                                                          |
| Component Supplier Name | (3.5) PackageSupplier:                     | Supplier publisher                                               |
| Component Unique Ids    | (2.5)SPDX Document Namespace (3.2) SPDXID: | bom/serialNumber component/bom-ref                               |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veedna.com/sbom360-osm/generate-an-sbom/existing-sbom-as-source/eo-14028-checks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.