A new SAG-PM (TM) data sheet makes it easy to compare SAG-PM (TM) to other C-SCRM and SBOM product offerings

WESTFIELD, MA, USA, November 29, 2021 /EINPresswire.com/ -- Reliable Energy Analytics, LLC (REA™) announces release 1.1.6 of the SAG-PM™, supply chain risk assessment solution supporting NIST Cybersecurity Supply Chain Risk Management (C-SCRM) standards, SP 800-161-r2 and the NTIA SBOM standards for both SPDX and CycloneDX. This version of SAG-PM™ includes the enhanced product security features found in SP 800-161-r2, scheduled for final publication in early 2022. This release also includes several important improvements and features:

• Updated Evidence Viewer Tool with enhanced ease of use features
• Full support for SPDX SBOM generation in SPDX Tag Value format, based on binary analysis or zip file contents, to support legacy application SBOM creation
• Full support for SPDX Tag Value and JSON formats for consumption purposes, needed for a NIST compliant C-SCRM/SBOM risk assessment
• Full support for CycloneDX XML and JSON formats for consumption purposes, needed for a NIST compliant C-SCRM/SBOM risk assessment
• New touchless vendor product onboarding process, minimizes customer effort to bring on a new product and or vendor into the SAG-PM Vendor Database.
• Complete support for the open-source, free to use, Vendor Response File (VRF) XML schema used by software vendors to communicate evidence data required during a NIST C-SCRM compliant risk assessment, following SP 800-161-r2 best practice
• Complete support for the open-source, free to use, Vulnerability Disclosure Report (VDR) XML schema
• Ability for software vendors to create baseline VDR’s based the results of a NIST NVD vulnerability search for each component listed in an SBOM, providing customers with the assurance that each SBOM component was sufficiently researched for potential vulnerabilities
• A new SAG-PM™ Data Sheet showing mappings of SAG-PM™ functionality to known industry standards, i.e., NIST Cybersecurity Framework V1.1, NIST C-SCRM, SP 800-161-r2, NERC CIP-013-1, NERC CIP-010-3 and the North American Transmission Forum (NATF) Security Assessment Model. This data sheet makes it easy for software vendors and consumers to compare SAG-PM™ to product offerings from other vendors of C-SCRM + SBOM solutions.
• Simplified submission of evidence data to the SAG-CTR™, Community Trust Registry™, where software consumers register their trust in software products as a means to communicate with other software consumers
• Enhanced evidence collection methods to store information required by a NIST C-SCRM risk assessment. Evidence data may be presented to auditors and other as a complete package of evidence produced during a risk assessment activity, associated with a single unique transaction Identifier.
• Integration of the latest NIST NVD REST api requiring the use of an apikey.
SAG-PM™ version 1.1.6 will be available for download beginning 12/1/2021. Interested parties may request a time limited trial version of SAG-PM™ by submitting a request on REA’s contact form at https://reliableenergyanalytics.com/contact-us

Never trust software, always verify and report! ™

Dick Brooks
Reliable Energy Analytics LLC
+1 978-696-1788
email us here

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.