• Home
  • Services
  • Products
  • Accomplishments
  • Cyber Risk Score Catalog
  • SAG Patent Pending
  • Contact Us
  • Energy Central Postings
  • REA Vendor Questionnaire
  • More
    • Home
    • Services
    • Products
    • Accomplishments
    • Cyber Risk Score Catalog
    • SAG Patent Pending
    • Contact Us
    • Energy Central Postings
    • REA Vendor Questionnaire
  • Home
  • Services
  • Products
  • Accomplishments
  • Cyber Risk Score Catalog
  • SAG Patent Pending
  • Contact Us
  • Energy Central Postings
  • REA Vendor Questionnaire
Reliable Energy Analytics

Data and Security Analytics for the Electric industry

Data and Security Analytics for the Electric industryData and Security Analytics for the Electric industry

Software Assurance Guardian Point Man™ Software

image463

Announcing the production release of SAG Point Man™ Software

The patent pending Software Assurance Guardian™ product line has been updated with the first of its kind  SAG Point Man™ software application, also known as SAG-PM™. SAG-PM™ has been developed to help protect companies from vulnerable software objects and untrustworthy parties that may have compromised the integrity of  a  software supply chain, preventing the installation of bad software into an operational system. SAG-PM performs seven critical investigative steps on a software object's installation file as part of a risk assessment process that calculates a SAGScore™, indicating a level of Trustworthiness for the software object itself and parties serving roles within the software supply  chain. These seven steps implement best practices to augment NERC CIP-010-3 using the NIST Cybersecurity Framework V1.1, as suggested by FERC in its 6/18/2020 cybersecurity White Paper, from each of their respective, ID.RA, ID.RM and ID.SC NIST functions:

  • Source Server Location and SSL Certificate Validation against "accredited Certificate Authorities" and Software Source vendor supplied information
  • Evaluate the path used to acquire a software object for possible man-in-the-middle attacks, blacklisted sites and geographic locations that may belong to entities hostile to the United States
  • Introspection of a software object's installation package resulting in a Software Bill of Materials (SBOM) that is used to identify potential risk in order to determine the trustworthiness of a software object
  •  Extensive vulnerability scan using known and trustworthy Vulnerability Databases, such as cve.Mitre.org
  • Verification of Vendor credentials and processes to ensure that each vendor in the supply chain has been properly vetted and approved as implementing trustworthy business practices and control procedures to protect against any type of taint that may impact a software objects trustworthiness
  • Verification of digitally signed software installation packages to ensure that no changes have occurred since the object was signed by the originator/Licensor of the software
  • Perform a comprehensive malware scan of the software installation package using the suite of VirusTotal  malware inspection packages

The process concludes with a final SAGScore™, indicating a trustworthiness level based on the results of these seven investigative steps. All results are stored in a file for posterity and may be presented to auditors or forensic personnel. A proof of verification record is also generated, for insertion into a Change Management System, as required by NERC CIP-010-3 R1, Part 1.6 for evidence of compliance.


Never trust software, always verify and report!™


NOTE: An Energy Central Powersession is scheduled for 8/12/2020 that goes into detail of the SAG-PM™ software supply chain risk assessment process. Now available on demand


Contact us today to arrange your demonstration of SAG Point Man™. 

Copyright © 2018 - 2020 Reliable Energy Analytics LLC - All Rights Reserved.

Powered by GoDaddy