Services
CISA Secure Software Attestation
CISA Secure Software Attestation
CISA Secure Software Attestation
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. BCG's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form to verify products as "Sec
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. BCG's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form to verify products as "Secure by Design".
BCG is performing cloud based cyber risk assessment services to help FedRamp 3PAO entities and software vendors comply with US Government Agency requirements for CISA Secure Software Attestation Forms and other artifacts, such as SBOMs, through CISA's RSAA Portal.
Our consultants have real world technical expertise in the design and development and implementation of solutions for secure software product risk management following cybersecurity controls defined by NIST SSDF and C-SCRM standards, identified as "NIST Guidance" under OMB M-22-18 and the CISA Secure Software Self Attestation Form.
. The Software Assurance Guardian™ Point Man™ (SAG-PM™)software is now available for download to help Companies comply with the CISA Secure Software Self Attestation Form that was approved on March 11, 2024 and SEC Cybersecurity Regulations that took effect December 2023.
SAG-CTR™
CISA Secure Software Attestation
CISA Secure Software Attestation
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides BCG customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides BCG customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and Directors from potential shareholder lawsuits in the event of a material cyber-incident, like ransomware.
Consumers register their trust in a software package based on the combination of Software Supplier Name and a digital signature applied to a software package, by an authorized signing party, on behalf of the software supplier. A BCG customer can query the SAG-CTR™ to view the list of trusting parties for a particular software package, software supplier and authorized signing party. The more parties that trust a software package, the higher the trust a customer can have that the package is trustworthy, expressed as a SAGScore™, a concept similar to a FICO score, but for software trustworthiness. A higher SAGScore™ indicates higher trust in a software product. Software products that accumulate a critical mass of trust declarations in SAG-CTR™ are eligible to receive the SAG-STAR™ seal of approval, showing broad community trust in their software product. SAG-CTR™ is part of the SAG™ patent on file with the US Patent and Trademark Office application US11,374,961