Content update

SBOM/en/0x10-Introduction.md

@@ -64,11 +64,13 @@ CycloneDX provides advanced supply chain capabilities for cyber risk reduction.
 * Software-as-a-Service Bill of Materials (SaaSBOM)
 * Hardware Bill of Materials (HBOM)
 * Machine Learning Bill of Materials (ML-BOM)
+* Cryptography Bill of Materials (CBOM)
 * Operations Bill of Materials (OBOM)
 * Manufacturing Bill of Materials (MBOM)
 * Bill of Vulnerabilities (BOV)
 * Vulnerability Disclosure Report (VDR)
 * Vulnerability Exploitability eXchange (VEX)
+* CycloneDX Attestations (CDXA)
 * Common Release Notes Format
 
 <div style="page-break-after: always; visibility: hidden">
@@ -100,6 +102,13 @@ privacy, safety, and ethical considerations. CycloneDX standardizes model cards
 and datasets can be used independently or combined with the inventory of software and hardware components or services 
 defined in HBOMs, SBOMs, and SaaSBOMs.
 
+###  Cryptography Bill of Materials (CBOM)
+A Cryptography Bill of Materials (CBOM) describes cryptographic assets and their dependencies. Discovering, managing,
+and reporting on cryptographic assets is necessary as the first step on the migration journey to quantum-safe systems
+and applications. Cryptography is typically buried deep within components that are used to compose and build systems
+and applications. As part of an agile cryptographic approach, organizations should seek to understand what cryptographic
+assets they are using and facilitate the assessment of the risk posture to provide a starting point for mitigation.
+
 ### Operations Bill of Materials (OBOM)
 OBOMs provide a full-stack inventory of runtime environments, configurations, and additional dependencies. CycloneDX is a
 full-stack bill of materials standard supporting entire runtime environments consisting of hardware, firmware, containers,
@@ -134,6 +143,11 @@ subset of VDR. Oftentimes, products are not affected by a vulnerability simply b
 component. VEX allows software vendors and other parties to communicate the exploitability status of vulnerabilities,
 providing clarity on the vulnerabilities that pose a risk and the ones that do not.
 
+### CycloneDX Attestations (CDXA)
+CycloneDX Attestations enable organizations to communicate security standards, claims and evidence about security 
+requirements, and attestations to the veracity and completeness of those claims. CycloneDX Attestations is a way to 
+manage "compliance as code."
+
 ### Common Release Notes Format
 CycloneDX standardizes release notes into a common, machine-readable format. This capability unlocks new workflow
 potential for software publishers and consumers alike. This functionality works with or without the Bill of Materials

SBOM/en/0x15-Object-Model.md

@@ -87,6 +87,21 @@ individuals or organizations. Annotations can be independently signed and verifi
 
 ![Annotations](../../images/Object-Model/Annotations.svg)
 
+### Definitions
+Standards, requirements, levels, and all supporting documentation are defined here. CycloneDX provides a general-purpose,
+machine-readable way to define virtually any type of standard. Security standards such as OWASP ASVS, MASVS, SCVS, and 
+SAMM are available in CycloneDX format. Standards from other bodies are available as well. Additionally, organizations
+can create internal standards and represent them in CycloneDX.
+
+![Definitions](../../images/Object-Model/Definitions.svg)
+
+### Declarations
+Declarations describe the conformance to standards. Each declaration may include attestations, claims, counter-claims, 
+evidence, counter-evidence, along with conformance and confidence. Signatories can also be declared and supports both
+digital and analog signatures. Declarations provide the basis for "compliance-as-code".
+
+![Declarations](../../images/Object-Model/Declarations.svg)
+
 ### Extensions
 Multiple extension points exist throughout the CycloneDX object model, allowing fast prototyping of new capabilities and
 support for specialized and future use cases. The CycloneDX project maintains extensions that are beneficial to the
@@ -101,10 +116,10 @@ CycloneDX can be represented in JSON, XML, and Protocol Buffers (protobuf) and h
 | **Format** | **Resource**  | **URL**                                          |
 |------------|---------------|--------------------------------------------------|
 | JSON       | Documentation | https://cyclonedx.org/docs/latest/json/          |
-| JSON       | Schema        | https://cyclonedx.org/schema/bom-1.5.schema.json |
+| JSON       | Schema        | https://cyclonedx.org/schema/bom-1.6.schema.json |
 | XML        | Documentation | https://cyclonedx.org/docs/latest/xml/           |
-| XML        | Schema        | https://cyclonedx.org/schema/bom-1.5.xsd         |
-| Protobuf   | Schema        | https://cyclonedx.org/schema/bom-1.5.proto       |
+| XML        | Schema        | https://cyclonedx.org/schema/bom-1.6.xsd         |
+| Protobuf   | Schema        | https://cyclonedx.org/schema/bom-1.6.proto       |
 
 
 CycloneDX relies exclusively on JSON Schema, XML Schema, and protobuf for validation. The entirety of the specification