Top of List for SEC Cybersecurity Regulation Solutions at Crunchbase
We engineer software supply chain cyber-risk detection solutions to help companies proactively detect and mitigate CISA Known Exploited Vulnerabilities (KEV) and other software supply chain risks, to prevent cyber-breaches and comply with SEC Cybersecurity Regulations. Over 40 years of software engineering accomplishments, including 14 years designing and developing ISO New England's Business Intelligence and Advanced Analytics and Risk Management platforms and Technical Architecture, provide us with an intimate understanding of effective analytic functions performed across all critical infrastructure operators. Our software engineers have a deep understanding of, and experience working with, the following areas:
Providing clients with implementation support for NIST C-SCRM software supply chain risk assessment solutions (SAG-PM™) and the preservation of tamper-proof evidence in SAG-CTR™ to comply with the new SEC cybersecurity rules effective December 23, 2023. SAG-PM™ implements the NIST Cybersecurity Framework V1.1 using the Department of Commerce NTIA Software Bill of Materials (SBOM) supported formats CycloneDX and SPDX, following a patented (US11,374,961) 7-step SCRM risk assessment process to comply with SEC Cybersecurity Disclosure Regulations (17 CFR 229.106) and OMB M-22-18 requirements. The SAG-PM™ SCRM application gives software consumers a transparent look at the risks in a software package, including CISA Known Exploited Vulnerabilities (KEV) that represent material cyber-risks to an organization under the new SEC regulations, proactively, prior to any attempt at installation in a company's digital ecosystem. SAG-PM™ is available at a price point attractive to smaller entities with limited cybersecurity budgets and lacking cybersecurity expertise.
REA is a small, highly skilled and proficient software engineering organization that has grown organically since December 2018 under the leadership of Dick and Joanne Brooks, Co-Founders. We pride ourselves on developing high-quality, reliable software solutions for the software supply chain risk management domain. Our flagship product SAG-PM™ is the most mature, robust, patented software supply chain risk assessment product on the market, backed by highly proficient, professional and dedicated software engineers and staff. REA is different from other cybersecurity vendors that must answer to their venture capital investors and follow the whims of market movements. REA only answers to one group of people: our customers. We listen to what our customers want and that's what we deliver: solutions that work for the customer. That is our top priority. Yes, we are small compared to other cybersecurity solution providers, but we will compare our commitment to customers, product quality and technical skills with anyone. We remain committed to helping customers improve their cybersecurity capabilities to defend against hacker cyber-attacks and meet SEC cybersecurity regulations (17 CFR 229.106) and other software supply chain regulations, such as NERC CIP-010. We continue to be active participants in cybersecurity policy discussions and initiatives at CISA and the IETF Supply Chain Integrity, Transparency and Trust (SCITT) work group to ensure that our SAG-PM™ and SAG-CTR™ solutions remain fresh and ready to comply with regulations and cybersecurity best practices from NIST, CISA and the SEC.
Looking forward to seeing friends and colleagues at BSidesCT on September 30 hosted by Quinnipiac University; I'm doing a technical, implementation talk on the U.S. Securities and Exchange Commission Cybersecurity Regulations that take effect in December 2023, with a focus on cyber-risk detection in the software supply chain, such as Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities, as part of the cybersecurity process disclosure requirements (17 CFR 229.106) and the new, four-day cyber-incident reporting requirement in Form 8-K.