ON-DEMAND - CIP-010-3 Software Verification for Compliance and Supply Chain Security Controls [an Energy Central Powertalk™]

Posted to Energy Central in the Digital Utility Group
Vice President of The Power Industry Network Energy Central

I am the VP of the Energy Central Power Industry Network.  In this role, I help to connect professionals in the power industry through the development and management of topic-specific community...

  • May 10, 2021

ON-DEMAND: Energy Central PowerTalks are informative sessions presented by a thought leader in the power industry. In this PowerTalk, Dick Brooks will present a demonstration of the Software Assurance Guardian™ Point Man™ (SAG-PM™) software solution that performs the required software verification and produces evidence data, as required by the NERC standard. The important role of an SBOM as part of a software supply chain risk assessment will be covered.

Why Access the On-Demand Recording:

NERC CIP-010-3 R1 Part 1.6 requires companies to perform a software verification step and provide proof of this process for compliance purposes. Parties wishing to detect harmful software supply chain risks before installation will learn the 7-step process that SAG-PM™ performs to detect risk and establish trust in a software package before installation, and will understand why an SBOM is key to this process.

Key Takeaways:

  • Understand the important role of an SBOM in software supply chain risk assessments 
  • Learn to use risk-based scoring to determine the trustworthiness of a software object and its supply chain to proactively prevent the installation of harmful software 
  • Understand the type of evidence information that is produced by a software supply chain risk assessment, for use in audits 
  • Learn the specific language to include in a CIP-010-3 Implementation Plan that utilizes SAG-PM™ for software verification requirements 

Presented By:

Dick Brooks, Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC
Dick Brooks is a Co-Founder of Reliable Energy Analytics LLC and Lead Software Engineer responsible for the patent-pending Software Assurance Guardian™ Point Man™ (SAG-PM™) software supply chain risk assessment application that processes both SPDX and CycloneDX SBOM formats, supported by the Department of Commerce NTIA SBOM initiative. He has received an ANSI Meritorious Service Award in recognition of his work on energy industry standards at NAESB and the IEC.
