Tuesday, March 15, 2022

SBOMs and NERC CIP-013 compliance


Next Monday, I’ve been invited to discuss using SBOMs (and VEXes) during a monthly Tech Talk sponsored by RF, one of the six NERC Regional Entities that work with electric utilities to comply with the NERC standards (including the NERC CIP standards). The Tech Talk will run from 2:00 to 3:30 PM Eastern Time on March 21, and will be available at this URL. No pre-registration is required. The Tech Talk won’t be recorded.

My talk will probably start about 10-15 minutes into the program and will run (with Q&A) for about 40 minutes after that. If you’re with a NERC entity, you might want to stay around after I’m finished to listen to three very knowledgeable people from the North American Transmission Forum (NATF). They will “provide an update on supply chain risk management efforts and their proposed Implementation Guidance.”

Even though my stated topic is how SBOMs can help an electric utility comply with the NERC CIP-013 supply chain cybersecurity risk management standard, I want to point out that there will be literally nothing in my presentation that won’t be of interest to any organization (in any industry or government) that is concerned about software supply chain cybersecurity risks - and would like to know how SBOMs and VEXes can be used to mitigate those risks.

Here is alternative access information:

Meeting Number/Access Code:  2313 701 2627
Meeting Password:  0123456789
Join by Phone:  1-650-479-3207

Please join us on Slido.com using #TechTalkRF as the event code.

I hope to see you there!

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

 
