SBOM vs C-SCRM.
Two regulatory anchors. Planisphere's evidence record maps both controls. This page is the comparison query's canonical destination.
When to lead with SBOM.
Audience. software bill of materials · NTIA + CISA.
Shape. crate · brass manifest header.
Where it lives in the record. The SBOM cite-anchor pins next to every artifact in ATTESTATION.json. See the SBOM brief for the field-level mapping.
When to lead with C-SCRM.
Audience. supply-chain risk · NIST SP 800-161r1.
Shape. linked chain · 3 rings · brass middle link.
Where it lives in the record. The C-SCRM cite-anchor pins next to every artifact in ATTESTATION.json. See the C-SCRM brief for the field-level mapping.
Both at once.
Planisphere's evidence record is multi-control by construction. SBOM and C-SCRM are both keys in the record's requirement list; the same SHA-pinned, Merkle-rooted artifact gives both evaluators a shared review record.
The requirement list is open — add any standard the regulator names. See the full compliance-control register.