SAG-PM ™ version 1.1.3 simplifies the creation and consumption of SBOM NTIA for software vendors and consumers
SAG-PM ™ version 1.1.3 makes it easier for consumers and software vendors to get started with SBOM than ever before. Just ask your suppliers for an SBOM to get started.
– Joanne Brooks, co-founder of REA
WESTFIELD, MA, United States, Aug 23, 2021 /EINPresswire.com/ – Reliable Energy Analytics LLC (REA) is pleased to announce the commercial availability of its flagship product C-SCRM product, SAG-PM™ Version 1.1.3, with support for NTIA SBOM, in accordance with NIST Cybersecurity C-SCRM best practices, enabling consumers and software vendors to easily create and use NTIA-compliant SBOMs, today ‘hui.
SAG-PM ™ version 1.1.3 is the first commercial, patent-pending (16/933161) Cyber Supply Chain Risk Management (C-SCRM) product to meet President Biden’s May 12 requirements. , Cybersecurity Executive Order (EO), 14028 for Minimum Elements of NTIA Software Nomenclature (SBOM) using the NTIA recommended “major component” method for product identification, and “critical software”, defined by NIST.
Federal agencies, their software vendors, and other entities subject to EO 14028 can download and install SAG-PM ™ today to begin implementing NTIA SBOM and chain cybersecurity protections. software provisioning, proactively, before any attempt to distribute or install any software. product, preventing the installation of ransomware and other forms of malware. SAG-PM ™ was designed to help software vendors and consumers meet all government SBOM cybersecurity requirements contained in Section 4, Improving Software Supply Chain Security, of OE 14028, and NTIA’s minimum SBOM element requirement.
This release of SAG-PM ™ extends support to software vendors, enabling the simplified creation of NTIA-compliant SBOMs in the SPDX Tag / Value format. Software vendors can use SAG-PM ™ to generate an SBOM for their software products by providing a “zipped” copy of the software objects used in their build process as input to SAG-PM ™, thus eliminating the need for a vendor. software to implement intrusive software. technical changes made to the software creation process. The process of building legacy software remains unchanged with this SBOM building approach, saving the vendor time, money, and effort by eliminating changes to the build process and having to debug all software. problems that can be introduced. SAG-PM ™ will create an NTIA compliant SPDX tag / value SBOM of compressed software objects and perform a software supply chain risk assessment, at the same time providing a software vendor with information on any risk that may be present, before the distribution. products to customers.
This release also provides software vendors with an easy-to-use method to help their customers easily incorporate product SBOM and other data, i.e. questionnaire data, into customer C-SCRM processes. . REA provides software vendors with data models that are used to describe their software products in a machine-readable (XML) format. A software vendor “populates” the template with information describing their products, including the location of SBOM data files, which are then provided to customers through the vendor’s controlled access customer portal. SAG-PM ™ customers use this vendor-supplied data to update their local SAG-PM ™ vendor database, greatly simplifying the customer’s setup process when a new product version is released.
As with all versions of SAG-PM ™, REA continues to provide C-SCRM SBOM cybersecurity solutions for all critical infrastructure operators, in accordance with President Biden’s July 28 cybersecurity memorandum, and others. sectors, including health, telecommunications, finance, insurance, manufacturing. , utilities, non-profit and government organizations in addition to the energy industry. REA applies the “Secure by Design” principles in all of its software developments, operations and business practices.
SAG-PM ™ version 1.1.3 makes it easier for consumers and software vendors to get started with SBOM than ever before. Software consumers who want to start using SBOM need only ask their software vendors to provide an SBOM – that will get the ball rolling.
Never trust software, always check and report! ™
Reliable Energy Analytics LLC
write us here