Cybersecurity teams need to enforce SBOM mandates