Business Cyber Guardian (TM), with a lot of help from my friend, the very talented and proficient Joseph Wortmann, is pleased to announce the availability of the open-source, free-to-use sag-reader app. It helps software consumers automate the processing of Cybersecurity and Infrastructure Security Agency (CISA) Software Acquisition Guide spreadsheets submitted by software producers, so that products can be validated against CISA Secure by Design principles and practices.
The source code and installation instructions are available on GitHub at this location:
https://github.com/rjb4standards/CISASAGReader
A product SBOM and Vulnerability Disclosure Report (VDR) are also available within the CISASAGReader repository on GitHub.
Those familiar with the Python programming language will find this app consistent with standard PyPI packaging and installation, a familiar environment to work with.
NOTE: sag-reader knows which Software Acquisition Guide spreadsheet questions to skip based on the software producer's responses. This eliminates noise from questions that are not relevant, keeping the output to only the items that matter to software consumers validating products against Secure by Design practices, based on the CISA Software Acquisition Guide.
Now it is even easier for software consumers to validate that software products follow CISA Secure by Design principles and practices based on the CISA Software Acquisition Guide before purchasing or installing a product. Here are the steps to follow:
- Download the CISA Secure by Design Software Acquisition Guide spreadsheet from CISA.
- Send the CISA spreadsheet to your software vendors, requesting that they complete the Governance tab at a minimum.
- After receiving the software supplier's completed spreadsheet, process it with the new sag-reader app to view the vendor's responses.
- Make a risk-based buying/installation decision based on the information displayed by sag-reader.
- Done – now you know whether a software product and vendor follow CISA Secure by Design practices, based on the CISA Software Acquisition Guide spreadsheet.
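To illustrate the response-driven skipping described in the NOTE above and the "review the relevant responses, then decide" steps, here is an added example (not code from sag-reader or the CISASAGReader repository). The question ids, wording and gating rules are constructed for the illustration and are not the actual CISA SAG spreadsheet layout.

```python
# Added illustration, not sag-reader's own code: skip logic over a constructed,
# in-memory questionnaire. Ids, texts and gating rules are assumptions for the
# example and do not reproduce the CISA Software Acquisition Guide spreadsheet.

# Constructed questionnaire: (id, text, gated_by). gated_by is None for a
# top-level question, or (parent_id, required_answer): the question is only
# relevant when the parent question was answered with required_answer.
QUESTIONS = [
    ("G1", "Does the producer maintain a vulnerability disclosure policy?", None),
    ("G1a", "Is the policy published and linked from the product page?", ("G1", "Yes")),
    ("G2", "Does the producer publish an SBOM for the product?", None),
    ("G2a", "Is the SBOM refreshed with each release?", ("G2", "Yes")),
    ("G3", "Is multi-factor authentication enforced on build systems?", None),
]


def relevant_questions(responses):
    """Return (id, text, answer) triples a consumer should review, dropping any
    question whose gate is not satisfied by the producer's responses."""
    out = []
    for qid, text, gate in QUESTIONS:
        if gate is not None:
            parent_id, required = gate
            if responses.get(parent_id) != required:
                continue  # parent answer makes this follow-up moot: skip it
        out.append((qid, text, responses.get(qid, "No response")))
    return out


def findings(responses):
    """Ids of relevant questions answered anything other than 'Yes' (including
    blanks): the items that feed a risk-based buying/installation decision."""
    return [qid for qid, _, ans in relevant_questions(responses) if ans != "Yes"]


# Constructed vendor responses for a worked run (G1a is never asked: G1 is "No")
SAMPLE_RESPONSES = {"G1": "No", "G2": "Yes", "G2a": "No", "G3": "Yes"}

if __name__ == "__main__":
    for qid, text, ans in relevant_questions(SAMPLE_RESPONSES):
        print(f"{qid:4} {ans:12} {text}")
    print("items to review:", findings(SAMPLE_RESPONSES))
```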
Parties familiar with Python can install the sag-reader app using pip:
pip install sag-reader
Running sag-reader is very easy: run sag-reader --help for details. Here is an example usage:
sag-reader --include-descriptions VENDOR-SAG-SPREADSHEET-RESPONSE.xls
This will display the vendor's response to each CISA SAG spreadsheet question.