HR 5793 · 113th Congress · Government Operations and Politics
Cyber Supply Chain Management and Transparency Act of 2014
Latest: Referred to the House Committee on Oversight and Government Reform. (2014-12-04)
Plain Language Summary
Cyber Supply Chain Management and Transparency Act of 2014 - Requires the Office of Management and Budget (OMB) to issue guidelines for agencies that contract to acquire software, firmware, or products containing a third party or open source binary component.

Requires binary component contracts to include clauses requiring:
a confidentially supplied list, or a bill of materials, of each binary component that is used in the software, firmware, or product;
the contractor to verify that products do not contain known security vulnerabilities and to notify the purchasing agency of any known vulnerabilities or defects;
the contractor to obtain a waiver from the purchasing agency for components known to be vulnerable;
an agency approving a vulnerability waiver to accept all risk associated with component use;
product designs to allow fixes with patches, updates, or replacements; and
the contractor to provide timely repairs for discovered vulnerabilities.

Directs the OMB to issue guidance requiring agencies: (1) to replace components with currently known vulnerabilities and to remove or repair any new vulnerable components that become known; and (2) to migrate to patchable, repairable, and…