Reliable Energy Analytics, LLC (REA) today announced the production release of the Software Assurance Guardian™ (SAG™) Point Man™ (SAG-PM™) version 1.1.0 software supply chain risk assessment application that implements a seven-step patent pending risk assessment process. SAG-PM™ is the first commercial software supply chain risk assessment application containing full support for Department of Commerce NTIA Software Bill of Materials (SBOM) supported formats, SPDX and CycloneDX, using a patent pending process based on the NIST Cybersecurity Framework, V 1.1. By default, SAG-PM™ uses the Microsoft Defender antimalware tool for virus detection. Google’s Virus Total online malware scanning services are also accessible from SAG-PM™ as a separate option. Licenses must be purchased from Virus Total independently to use this service within SAG-PM™.
Dick Brooks, a Co-Founder of REA said, “People with food allergies are all too familiar with the risks of consuming a product without knowing what’s inside, so they read the ingredients list, before consumption. SAG-PM™ provides a comparable level of transparency for software products, exposing any harmful software components that may be embedded in a software product – preventing it from being installed in a digital ecosystem where it can cause harm.”
SAG-PM™ is offered on a subscription basis; $300 monthly allowing 50 risk assessments, for a minimum of three months ($900) or $1,800 annually allowing 600 risk assessments.
Brooks added, “We wanted to provide a solution at a price point attractive to smaller entities that may be lacking the cybersecurity skills needed to perform a comprehensive software supply chain risk assessment, preventing them from becoming victims of a cybercrime.” Smaller entities with limited cybersecurity budgets and cybersecurity skills on staff are a frequent target of cybercrime. SAG-PM™ gives these smaller entities the benefit of having a “best practice” solution to detect software risk, in spite of these limitations.
“Electric companies can improve their cybersecurity posture by implementing software supply chain risk management best practices,” said Lila Kee, General Manager, GlobalSign Americas. “With the increasing focus on the grid by cybercriminals, it is critical for electric utilities to take further action to avoid a hack. This new offering from REA is one such step that can make a significant difference.” Brooks stated that North American Energy Standards Board (NAESB) Accredited Certificate Authorities (ACA), such as GlobalSign, are the most trusted Certificate Authorities, resulting in the highest possible SAGScore™ produced by SAG-PM™, indicating a level of trustworthiness in a software product.
SAG-PM also includes Supply Chain Risk Management Implementation Plan language for NERC entities that must comply with the CIP-010-3 standard for software verification, requirement R1 Part 1.6.
Energy Central is hosting a PowerTalk™ session demonstrating the SAG-PM™ software on May 6, 2021 at 1:30 PM ET. Registration is available at: https://energycentral.com/event/cip-010-3-software-verification-compliance-and-supply-chain-security-controls-energy-central
SAG-PM™ demonstrations or subscriptions may be arranged by using the contact form, located here: https://reliableenergyanalytics.com/contact-us
Never trust software, always verify and report!™