ON-DEMAND - CIP-010-3 Software Verification for Compliance and Supply Chain Security Controls [an Energy Central Powertalk™]
Posted to Energy Central in the Digital Utility Group
May 10, 2021 10:30 pm GMT
ON-DEMAND: Energy Central PowerTalks are informative sessions presented by a thought leader in the power industry. In this PowerTalk, Dick Brooks will present a demonstration of the Software Assurance Guardian™ Point Man™ (SAG-PM™) software solution that performs the required software verification and produces evidence data, as required by the NERC standard. The important role of an SBOM as part of a software supply chain risk assessment will be covered.
Why access the on-demand recording:
NERC CIP-010-3 R1 Part 1.6 requires companies to perform a software verification step and to provide proof of that process for compliance purposes. Parties who want to detect harmful software supply chain risks before installation will learn the seven-step process that SAG-PM™ uses to detect risk and establish trust in a software package before it is installed, and will understand why an SBOM is key to this process.
- Understand the important role of an SBOM in software supply chain risk assessments
- Learn to use risk-based scoring to determine the trustworthiness of a software object and its supply chain to proactively prevent the installation of harmful software
- Understand the type of evidence information that is produced by a software supply chain risk assessment, for use in audits
- Learn the specific language to include in a CIP-010-3 Implementation Plan that utilizes SAG-PM™ for software verification requirements
Dick Brooks, Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC
Dick Brooks is a Co-Founder of Reliable Energy Analytics LLC and the Lead Software Engineer responsible for the patent-pending Software Assurance Guardian™ Point Man™ (SAG-PM™) software supply chain risk assessment application, which processes both the SPDX and CycloneDX SBOM formats supported by the Department of Commerce NTIA SBOM initiative. He has received an ANSI Meritorious Service Award in recognition of his work on energy industry standards at NAESB and the IEC.