Cryptographic bill of materials

A cryptographic bill of materials (CBOM) is a structured inventory of all cryptographic assets present in software, firmware, a device, or a system. It enumerates the algorithms, cryptographic libraries or modules, digital certificates, keys and related material, and protocols in use, and maps their relationships to the components that implement or invoke them. CBOMs are used to improve security analysis, compliance, and cryptographic agility, and are increasingly referenced in guidance for post-quantum cryptography (PQC) migration.
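
As an added illustration (not part of the original glossary entry), the sketch below models a small CBOM and walks its asset relationships to list which components depend on public-key algorithms that Shor's algorithm breaks, the query a PQC migration starts from. The schema, asset IDs and component names are constructed for this example and do not follow any standard CBOM format.

```python
# Constructed sample inventory in a simplified, hypothetical schema.
CBOM = {
    "assets": {
        "alg:rsa-2048":    {"type": "algorithm", "family": "RSA"},
        "alg:ecdh-p256":   {"type": "algorithm", "family": "ECDH"},
        "alg:aes-256-gcm": {"type": "algorithm", "family": "AES"},
        "alg:ml-kem-768":  {"type": "algorithm", "family": "ML-KEM"},
        "cert:api-tls":    {"type": "certificate", "uses": ["alg:rsa-2048"]},
        "proto:tls-1.2":   {"type": "protocol",
                            "uses": ["alg:ecdh-p256", "alg:aes-256-gcm"]},
        "proto:tunnel":    {"type": "protocol",
                            "uses": ["alg:ml-kem-768", "alg:aes-256-gcm"]},
    },
    # Component -> cryptographic assets it implements or invokes.
    "components": {
        "api-gateway":  ["cert:api-tls", "proto:tls-1.2"],
        "backup-agent": ["alg:aes-256-gcm"],
        "vpn-client":   ["proto:tunnel"],
    },
}

# Public-key families whose security rests on factoring or discrete logs.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}

def resolve_algorithms(cbom, asset_id, seen=None):
    """Follow 'uses' edges from one asset down to the algorithms it relies on."""
    seen = set() if seen is None else seen
    if asset_id in seen:          # guard against cyclic references
        return set()
    seen.add(asset_id)
    asset = cbom["assets"][asset_id]
    if asset["type"] == "algorithm":
        return {asset_id}
    found = set()
    for dep in asset.get("uses", []):
        found |= resolve_algorithms(cbom, dep, seen)
    return found

def pqc_migration_report(cbom):
    """Map each component to the quantum-vulnerable algorithms it reaches."""
    report = {}
    for component, asset_ids in cbom["components"].items():
        algs = set()
        for asset_id in asset_ids:
            algs |= resolve_algorithms(cbom, asset_id)
        hits = sorted(a for a in algs
                      if cbom["assets"][a]["family"] in QUANTUM_VULNERABLE)
        if hits:
            report[component] = hits
    return report

if __name__ == "__main__":
    print(pqc_migration_report(CBOM))
```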