ON-DEMAND - CIP-010-3 Software Verification for Compliance and Supply Chain Security Controls [an Energy Central Powertalk™]
Posted to Energy Central in the Digital Utility Group, May 10, 2021 10:36 pm GMT
ON-DEMAND: Energy Central PowerTalks are informative sessions presented by a thought leader in the power industry. In this PowerTalk, Dick Brooks will present a demonstration of the Software Assurance Guardian™ Point Man™ (SAG-PM™) software solution that performs the required software verification and produces evidence data, as required by the NERC standard. The important role of an SBOM as part of a software supply chain risk assessment will be covered.
Why Access On-Demand Recording:
NERC CIP-010-3 R1 Part 1.6 requires companies to perform a software verification step and provide proof of this process for compliance purposes. Parties wishing to detect harmful software supply chain risks before installation will learn the 7-step process that SAG-PM™ uses to detect risk and establish trust in a software package before installation, and will understand why an SBOM is key to this process.
- Understand the important role of an SBOM in software supply chain risk assessments
- Learn to use risk-based scoring to determine the trustworthiness of a software object and its supply chain to proactively prevent the installation of harmful software
- Understand the type of evidence information that is produced by a software supply chain risk assessment, for use in audits
- Learn the specific language to include in a CIP-010-3 Implementation Plan that utilizes SAG-PM™ for software verification requirements
Dick Brooks, Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC
Dick Brooks is a Co-Founder of Reliable Energy Analytics LLC and Lead Software Engineer responsible for the patent-pending Software Assurance Guardian™ Point Man™ (SAG-PM™) software supply chain risk assessment application that processes both SPDX and CycloneDX SBOM formats, supported by the Department of Commerce NTIA SBOM initiative. He has received an ANSI Meritorious Service Award in recognition of his work on energy industry standards at NAESB and the IEC.