Fortress Information Security, North American Energy Software Assurance Database (NAESAD)
Photo Gallery
 |
Fortress Information Security, North American Energy Software Assurance Database (NAESAD)
Additional Info
| Company | Fortress Information Security |
| Website | https://www.fortressinfosec.com/ |
| Company size (employees) | 100 to 499 |
| Headquarters Region | North America |
| Type of solution | Service |
Overview
The North American Energy Software Assurance Database (NAESAD) is a collaborative initiative between major critical infrastructure organizations and their vendors aimed at making crucial security information more available to enhance risk management. NAESAD enables a unified, scalable, and validated approach, resulting in more secure organizations. It is led by several major investor-owned utilities, including AEP, Southern, Xcel, and NiSource, and managed by Fortress Information Security. The database creates and shares SBOMs for software products commonly used by utilities.
Key Capabilities / Features
The North American Energy Software Assurance Database (NAESAD) consists of three different verticals allowing members to access and share critical information that enhances transparency, security, and compliance across the supply chain.
1. Software Supply Chain Security: Fortress collects, creates, and analyzes SBOMs, collects secure software development attestations, and assists with risk resolution.
2. Hardware Supply Chain Security:Fortress collects, creates, and analyzes HBOMs to ensure security of components and sub-tier manufacturers.
3. Vendor Due Diligence: Fortress collects and distributes data relating to ESG, foreign influence, financial factors, and more for informed decision-making in risk management.
How we are different
○ The North American Energy Software Assurance Database (NAESAD) is the largest inventory of software assurance data for critical infrastructure software, allowing utilities and their vendors to identify, prioritize, and fix vulnerabilities.
○ This initiative is part of a broader effort to address growing cybersecurity threats to the power grid and other critical infrastructure, which have seen an increase in sophisticated supply chain attacks like SolarWinds and Log4j.
○ The North American Energy Software Assurance Database (NAESAD) transforms the way companies analyze and mitigate risks and empowers organizations with the data to ensure reliable execution. Its industry collaboration enablement allows companies to proactively address threats through collective intelligence and shared reports.
