ย
Business Cyber Guardian (TM), with a lot of help from my friend, the very talented and proficient Joseph Wortmann is pleased to announce availability of the open-source, free to use sag-reader app to help software consumers automate the processing of Cybersecurity and Infrastructure Security Agency Software Acquisition Guide spreadsheets submitted by software producers to validate products for CISA Secure by Design principles and practices.
The source code and installation instructions are available on GitHub at this location:
https://github.com/rjb4standards/CISASAGReader
A product SBOM and Vulnerability Disclosure Report (VDR) are also available within the CISASAGReader repository on GitHub.
Entities familiar with the Python programming language will find this app consistent with PyPi deployment and installation, a familiar environment to work with.
NOTE: sag-reader is an intelligent app that knows the Software Acquisition Guide spreadsheet questions to skip based on software producer responses. This eliminates any noise from questions that are not relevant, keeping the output to only the items that are relevant to software consumers interested in validating products as meeting Secure by Design practices, based on the CISA Software Acquisition Guide.
Now, it’s even easier for software consumers to validate software products as following CISA Secure by Design principles and practices based on the CISA Software Acquisition Guide, before purchasing or installing a product, here are the steps to follow:
- Download the CISA Secure by Design Software Acquisition Guide spreadsheet from CISA.
- Send the CISA spreadsheet to your software vendors requesting that they complete the Governance tab, at a minimum
- After receiving the software suppliers spreadsheet, process it using the new sag-reader app to view the vendors responses.
- Make a risk-based buying/installation decision based on the information displayed by sag-reader.
- Done – now you know if a software product and vendor follow CISA Secure by Design practices based on the CISA Software Acquisition Guide spreadsheet.
Parties familiar with Python can install the sag-reader app using pip:
pip install sag-reader
Running sag-reader is very easy, just run sag-reader –help for details, here is an example usage:
sag-reader –include-descriptions VENDOR-SAG-SPREADSHEET-RESPONSE.xls
This will display the vendors response to each CISA SAG Spreadsheet question.
ย
ย