Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. REA's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form helping software vendors c
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. REA's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form helping software vendors comply with "NIST Guidance" to satisfy attestation form expectations from the US Government.
Our consultants have real world technical expertise in the design and development and implementation of solutions for secure software product risk management following cybersecurity controls defined by NIST SSDF and C-SCRM standards, identified as "NIST Guidance" under OMB M-22-18 and the CISA Secure Software Self Attestation Form.
. The Software Assurance Guardian™ Point Man™ (SAG-PM™)software is now available for download to help Companies comply with the CISA Secure Software Self Attestation Form that was approved on March 11, 2024 and SEC Cybersecurity Regulations that took effect December 2023.
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides REA customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides REA customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and Directors from potential shareholder lawsuits in the event of a material cyber-incident, like ransomware.
Consumers register their trust in a software package based on the combination of Software Supplier Name and a digital signature applied to a software package, by an authorized signing party, on behalf of the software supplier. An REA customer can query the SAG-CTR™ to view the list of trusting parties for a particular software package, software supplier and authorized signing party. The more parties that trust a software package, the higher the trust a customer can have that the package is trustworthy, expressed as a SAGScore™, a concept similar to a FICO score, but for software trustworthiness. A higher SAGScore™ indicates higher trust in a software product. Software products that accumulate a critical mass of trust declarations in SAG-CTR™ are eligible to receive the SAG-STAR™ seal of approval, showing broad community trust in their software product. SAG-CTR™ is part of the SAG™ patent on file with the US Patent and Trademark Office application US11,374,961