REA™ releases SAG-PM™ Version 1.1.4 with open-source enhancements and YouTube training videos

SAG-PM™ now implements an open source, free, XML schema Vendor Response File format to share risk assessment data required by NATF’s Security Assessment Model

“SAG-PM™ now implements open source enhancements enabling software vendors to share information needed for software supply chain risk assessments following NATF SAM and NIST C-SCRM guidelines”

— Dick Brooks

WESTFIELD, MA, USA, October 19, 2021 /EINPresswire.com/ — Today, Reliable Energy Analytics, LLC (REA) is announcing the release of SAG-PM™ version 1.1.4 with enhancements that implement an open source, free to license, XML schema for a Vendor Response File format to serve as a common method for software vendors to provide their software customers with all of the information needed to conduct a software supply chain risk assessment to satisfy Executive Order 14028 and FERC Order 850 software supply chain regulations, following the North American Transmission Forum (NATF) Security Assessment Model (SAM) and National Institute of Standards and Technology (NIST) guidelines.

This release of SAG-PM™ expands the amount of evidence data collected during a risk assessment by including information pertaining to software vendor financial data, cybersecurity policies and other company data needed to perform a comprehensive Cybersecurity Supply Chain Risk Management (C-SCRM) risk assessment following NIST and NATF guidelines. A Software Bill of Materials (SBOM) is automatically generated by SAG-PM™ if no vendor-supplied SBOM is available from the software vendor; it becomes part of the collected evidence data, along with vendor-supplied information regarding SDLC policies and practices and provenance evidence data from a product’s SDLC process (i.e. SLSA and in-toto), when this information is provided by the software vendor. All of these evidence files, along with the SAG-PM™ risk assessment results and SAGScore™ following the patent-pending SAG™ method (16/933161), are stored in a software customer’s evidence locker for safekeeping and use during an audit or for other purposes. With these enhancements, an energy company can provide hard evidence of its cybersecurity supply chain risk management controls and measures to auditors, cyber insurers, credit rating agencies and regulatory entities, all in one complete evidence package.

REA is also pleased to announce the availability of two new YouTube training videos produced by Co-Founder and COO, Joanne Brooks, to help SAG-PM™ customers with prerequisite installation steps and the process to install SAG-PM™ on a customer’s Windows 10 system.

REA is a proud IEEE Entrepreneurship Program Participant and an Amazon Web Services (AWS) Activate partner.

Never trust software, always verify and report! ™

Dick Brooks
Reliable Energy Analytics LLC
+1 978-696-1788
dick@reliableenergyanalytics.com