Services
CISA Secure Software Attestation
CISA Secure Software Attestation
CISA Secure Software Attestation
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. BCG's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form to verify products as "Sec
Our consultants have extensive experience working on requirements for the CISA Secure Software Attestation Form that was published on March 11, 2024. BCG's CTO, Dick Brooks, is a contributor to the CISA ICT_SCRM Task Force Software Assurance Buyers Guide that serves as a complement to the CISA Attestation Form to verify products as "Secure by Design".
BCG is performing cloud based cyber risk assessment services to help FedRamp 3PAO entities and software vendors comply with US Government Agency requirements for CISA Secure Software Attestation Forms and other artifacts, such as SBOMs, through CISA's RSAA Portal.
Our consultants have real world technical expertise in the design and development and implementation of solutions for secure software product risk management following cybersecurity controls defined by NIST SSDF and C-SCRM standards, identified as "NIST Guidance" under OMB M-22-18 and the CISA Secure Software Self Attestation Form.
. The Software Assurance Guardian™ Point Man™ (SAG-PM™)software is now available for download to help Companies comply with the CISA Secure Software Self Attestation Form that was approved on March 11, 2024 and SEC Cybersecurity Regulations that took effect December 2023.
SAG-CTR™
CISA Secure Software Attestation
CISA Secure Software Attestation
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides BCG customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and
The Software Assurance Guardian (SAG™) Community Trust Registry (SAG-CTR™) provides BCG customers with the ability to preserve tamper-proof evidence of their SAG-PM proactive risk assessment controls in the SAG-CTR evidence locker to comply with the new SEC cybersecurity rules that go into effect in December 2023 and protect Officers and Directors from potential shareholder lawsuits in the event of a material cyber-incident, like ransomware.
Consumers register their trust in a software package based on the combination of Software Supplier Name and a digital signature applied to a software package, by an authorized signing party, on behalf of the software supplier. A BCG customer can query the SAG-CTR™ to view the list of trusting parties for a particular software package, software supplier and authorized signing party. The more parties that trust a software package, the higher the trust a customer can have that the package is trustworthy, expressed as a SAGScore™, a concept similar to a FICO score, but for software trustworthiness. A higher SAGScore™ indicates higher trust in a software product. Software products that accumulate a critical mass of trust declarations in SAG-CTR™ are eligible to receive the SAG-STAR™ seal of approval, showing broad community trust in their software product. SAG-CTR™ is part of the SAG™ patent on file with the US Patent and Trademark Office application US11,374,961
FDA 524B-small
CISA Secure Software Attestation
FDA 524B-small
Business Cyber Guardian is pleased to announce a new money back guaranteed service offering, FDA 524B-small beginning July 11, 2025 to help Medical Device Manufacturers comply with FDA final guidelines requiring NTIA compliant SBOM's, Vulnerability Disclosure Reporting (VDR) for CISA KEVs, and Support Status information as part of an
Business Cyber Guardian is pleased to announce a new money back guaranteed service offering, FDA 524B-small beginning July 11, 2025 to help Medical Device Manufacturers comply with FDA final guidelines requiring NTIA compliant SBOM's, Vulnerability Disclosure Reporting (VDR) for CISA KEVs, and Support Status information as part of an FDA application per the June 27, 2025 FDA Final Guidelines.
This service offering includes the following items:
- An NTIA SBOM artifact containing baseline attributes required by FDA guaranteed to pass online validation
- A baseline NIST Vulnerability Disclosure Report (VDR) based on NIST SP 800-161r1 RA-5 specifications listing CISA KEV status for each SBOM component CVE reported
- A skeleton Vendor Response File (VRF) containing Support Status and Commercial Status information along with other information, such as a cybersecurity label identifier link, based on IETF SCITT hackathon demonstration.
- A free SAG-PM final report (PDF) based on final artifacts produced by the medical device manufacturer and publication of an online cybersecurity label in SAG-CTR per FDA labeling recommendations.
All for as low as $5,000 USD for a small cyber device with a money back guarantee that the delivered SBOM will pass an online validation test and a NIST SBOM Vulnerability Disclosure Report will properly identify any CISA KEVs at the SBOM component level.
Complete the contact form to learn more about the FDA 524B-small service offering.