The patent-pending Software Assurance Guardian™ product line has been updated with the first-of-its-kind SAG Point Man™ software application, also known as SAG-PM™. SAG-PM™ has been developed to help protect companies from vulnerable software objects and untrustworthy parties that may have compromised the integrity of a software supply chain, preventing the installation of bad software into an operational system. SAG-PM™ performs seven critical investigative steps on a software object's installation file as part of a comprehensive software supply chain risk assessment process that calculates a SAGScore™, indicating a level of trustworthiness for the software object itself and for the parties serving roles within the software supply chain. These seven steps implement best practices to augment NERC CIP-010-3 using the NIST Cybersecurity Framework V1.1, as suggested by FERC in its 6/18/2020 cybersecurity White Paper, drawing on the respective ID.RA, ID.RM and ID.SC NIST functions:
The process concludes with a final SAGScore™, indicating a trustworthiness level based on the results of these seven investigative steps. All results are stored in a file for posterity and may be presented to auditors or forensic personnel. A proof of verification record is also generated, for insertion into a Change Management System, as required by NERC CIP-010-3 R1, Part 1.6 for evidence of compliance.
Never trust software, always verify and report!™
NOTE: An Energy Central Powersession scheduled for 8/12/2020 goes into detail on the SAG-PM™ software supply chain risk assessment process. It is now available on demand.
Contact us today to arrange your demonstration of SAG Point Man™.