Thursday, December 8 2022 Sign In   |    Register

News Quick Search



Front Page
Power News
Today's News
Yesterday's News
Week of Dec 05
Week of Nov 28
Week of Nov 21
Week of Nov 14
Week of Nov 07
By Topic
By News Partner
Gas News
News Customization


Pro Plus(+)

Add on products to your professional subscription.
  • Energy Archive News

    Home > News > Power News > News Article

    Share by Email E-mail Printer Friendly Print

    Production release of the SAG-PM™ Software Supply Chain Risk Assessment Application Now Available to Electric Utilities

    April 30, 2021 - Westfield, MA, April 28, 2021


      Reliable Energy Analytics, LLC (REA) today announced the production release of the Software Assurance Guardian™ (SAG™) Point Man™ (SAG-PM™) version 1.1.0 software supply chain risk assessment application that implements a seven-step patent pending risk assessment process. SAG-PM™ is the first commercial software supply chain risk assessment application containing full support for Department of Commerce NTIA Software Bill of Materials (SBOM) supported formats, SPDX and CycloneDX, using a patent pending process based on the NIST Cybersecurity Framework, V 1.1. By default, SAG-PM™ uses the Microsoft Defender antimalware tool for virus detection. Google’s Virus Total online malware scanning services are also accessible from SAG-PM™ as a separate option. Licenses must be purchased from Virus Total independently to use this service within SAG-PM™.

      Dick Brooks, a Co-Founder of REA said, “People with food allergies are all too familiar with the risks of consuming a product without knowing what’s inside, so they read the ingredients list, before consumption. SAG-PM™ provides a comparable level of transparency for software products, exposing any harmful software components that may be embedded in a software product – preventing it from being installed in a digital ecosystem where it can cause harm.”

      SAG-PM™ is offered on a subscription basis; $300 monthly allowing 50 risk assessments, for a minimum

      of three months ($900) or $1,800 annually allowing 600 risk assessments.

      Brooks added, “We wanted to provide a solution at a price point attractive to smaller entities that may be lacking the cybersecurity skills needed to perform a comprehensive software supply chain risk assessment, preventing them from becoming victims of a cybercrime.” Smaller entities with limited cybersecurity budgets and cybersecurity skills on staff are a frequent target of cybercrime. SAG-PM™ gives these smaller entities the benefit of having a “best practice” solution to detect software risk, in spite of these limitations.

      “Electric companies can improve their cybersecurity posture by implementing software supply chain risk management best practices,” said Lila Kee, General Manager, GlobalSign Americas. “With the increasing focus on the grid by cybercriminals it is critical for electric utilities to take further action to avoid a hack. This new offering from REA is one such step that can that make a significant difference.” Brooks stated, North American Energy Standards Board (NAESB) Accredited Certificate Authorities (ACA), such as GlobalSign, are the most trusted Certificate Authorities resulting in the highest possible SAGScore™ produced by SAG-PM™, indicating a level of trustworthiness in a software product.

      SAG-PM also includes Supply Chain Risk Management Implementation Plan language for NERC entities that must comply with the CIP-010-3 standard for software verification, requirement R1 Part 1.6.

      Energy Central is hosting a PowerTalk™ session demonstrating the SAG-PM™ software on May 6, 2021 at 1:30 PM ET. Registration is available at: verification-compliance-and-supply-chain-security-controls-energy-central

      SAG-PM™ demonstrations or subscriptions may be arranged by using the contact form, located here:

      Never trust software, always verify and report!


    Other Articles - Announcements


       Home  -  Feedback  -  Contact Us  -  Safe Sender  -  About Energy Central   
    Copyright © 1996-2022 by CyberTech, Inc. All rights reserved.
    Energy Central® and Energy Central Professional® are registered trademarks of CyberTech, Incorporated. Data and information is provided for informational purposes only, and is not intended for trading purposes. CyberTech does not warrant that the information or services of Energy Central will meet any specific requirements; nor will it be error free or uninterrupted; nor shall CyberTech be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or inability to use Energy Central. Other terms of use may apply. Membership information is confidential and subject to our privacy agreement.