SAG-PM™ now implements an open source, free, XML schema Vendor Response File format to share risk assessment data required by NATF’s Security Assessment Model
WESTFIELD, MA, USA, October 19, 2021 /EINPresswire.com/ — Today, Reliable Energy Analytics, LLC (REA) is announcing the release of SAG-PM™ version 1.1.4 with enhancements that implement an open source, free to license, XML schema for a Vendor Response File format to serve as a common method for software vendors to provide their software customers with all of the information needed to conduct a software supply chain risk assessment to satisfy Executive Order 14028 and FERC Order 850 software supply chain regulations, following the North American Transmission Forum (NATF) Security Assessment Model (SAM) and National Institute of Standards and Technology (NIST) guidelines.
This release of SAG-PM™ expands the evidence data collected during a risk assessment to include software vendor financial data, cybersecurity policies and other company data needed to perform a comprehensive Cybersecurity Supply Chain Risk Management (C-SCRM) risk assessment following NIST and NATF guidelines. If no vendor-supplied SBOM is available, SAG-PM™ automatically generates a Software Bill of Materials (SBOM), which becomes part of the collected evidence data, along with vendor-supplied information regarding SDLC policies and practices and provenance evidence data from a product's SDLC process (i.e., SLSA and in-toto), when this information is provided by the software vendor. All of these evidence files, along with the SAG-PM™ risk assessment results and SAGScore™ following the patent-pending SAG™ method (16/933161), are stored in a software customer's evidence locker for safekeeping and use during an audit or for other purposes. With these enhancements, an energy company can provide hard evidence of its cybersecurity supply chain risk management controls and measures to auditors, cyber insurers, credit rating agencies and regulatory entities, all in one complete evidence package.
REA is also pleased to announce the availability of two new YouTube training videos produced by Co-Founder and COO, Joanne Brooks, to help SAG-PM™ customers with prerequisite installation steps and the process to install SAG-PM™ on a customer's Windows 10 system.
REA is a proud IEEE Entrepreneurship Program Participant and an Amazon Web Services (AWS) Activate partner.
Never trust software, always verify and report!™
Reliable Energy Analytics LLC