SAG patent US11,374,961 is publicly accessible on Google Patents
METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY has been assigned patent number 11,374,961 with an issue date of June 28, 2022.
The Software Assurance Guardian™ (SAG™) software has been designed specifically to identify cyber-risk, i.e. CISA KEVs and suspect software objects that may cause harm. The SAG patent describes the most comprehensive Software Supply Chain Risk Assessment methodology to verify software object and supply chain integrity and authenticity following the NIST Cybersecurity Framework and Guidance to satisfy CISA Secure Software Attestation Form requirements identified as NIST Guidance in OMB M-22-18. GSA has announced plans to begin collecting secure software attestation forms from software vendors beginning June 8, 2024.
A software object is defined as any digital object that contains software, is constructed by software, or is considered software, and that is needed to manage and/or operate a digital device correctly to perform a desired function, as expected by an end user or consumer of that software object and/or digital device. The SAG process uses corroborating evidence gathered using thorough risk assessment techniques to determine the trust level (trustworthiness) assigned to a software object, called a SAGScore™, across 7 risk categories, considering 39 independent risk factors, adhering to NIST Guidance, i.e. SP 800-161r1 and other NIST SBOM Guidance Documents. Smaller critical infrastructure operators, lacking the cyber security skills needed to perform a thorough verification of software integrity and authenticity, can use Business Cyber Guardian™ (BCG) SAG Software and the SAG-CTR Trust Registry Risk Assessment Services to gain the benefits of “best practices” for verifying software object trustworthiness before installation in a digital ecosystem, and while the product is in use, to warn of new risks from vulnerabilities.
Simply identifying a suspect software object may be sufficient to protect a critical infrastructure operator from installing malicious software into their digital assets, but what about all the other critical infrastructure operators? Wouldn’t it be nice if a bad actor, once identified, could be made known to other companies so that they don’t become victims? Consumers can look up a software trust score in SAG-CTR™ before buying or installing a software product. SAG-CTR™ has been designed to be a one-stop shop to locate trusted digital products, such as those products that have achieved the US Trust Mark and are listed in the FCC product registry, EU products with the CE Mark, and other trusted products that have been subjected to a security risk assessment process, such as the SAG process used to calculate a SAGScore™.
In summary, the Software Assurance Guardian™ patented technology is designed to proactively help critical infrastructure operators, both large and small, detect cyber-risk, such as CISA KEVs, to keep critical infrastructure operations safe from disruption.
The first software product in the Software Assurance Guardian product family, SAG Point Man™, is now available for demonstrations. Visit the SAG-PM™ site for details.
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded. Ask for the trust score (SAGScore™).
A brief presentation is available to interested parties upon request.
Copyright © 2018 - 2024 Business Cyber Guardian, a Reliable Energy Analytics LLC Company - All Rights Reserved.