SAG-PM (Software Assurance Guardian Point Man)
Automated SCRM tool for SBOM analysis, VDR, and software cyber risk scoring.
SAG-PM (Software Assurance Guardian Point Man) Description
Software Assurance Guardian Point Man (SAG-PM) is a software supply chain risk management (SCRM) tool that automates cyber risk detection and assessment for software products. It evaluates software against security standards and produces a SAGScore, a cybersecurity label representing the risk posture of a given software product.

Key capabilities include:
- SBOM (Software Bill of Materials) analysis following NTIA guidelines and NIST implementation guidelines (EO 14028)
- Vulnerability Disclosure Reporting (VDR): generates "Products at Risk" reports when new CVEs are published, enabling rapid risk response as part of a Continuous Risk Monitoring program
- Validation of software against CISA's Secure by Design principles and the CISA Software Acquisition Guide spreadsheet
- Support for US Cyber Trust Mark label generation with a food nutrition label look and feel, using a unique ProductID (Digital DNAID) per product
- Identification of "Banned Suppliers" in the software supply chain
- Code signing validation, including self-signed digital certificates with corroborating evidence
- Integration with SAG-CTR (SAG Cyber Trust Registry), a trust registry enforcing SCITT Registration Policies via a Gatekeeper mechanism
- Support for FDA medical device cybersecurity requirements for machine-readable SBOMs and VDR
- Flexible product database filtering for Supplier~Product~Version searches with partial string support

SAG-PM targets software consumers, government enterprises, medical device manufacturers, and Defense Industrial Base (DIB) entities. Pricing is commercial; a companion open-source tool (CISASAGReader) is available separately for viewing CISA SAG spreadsheet vendor responses.
SAG-PM (Software Assurance Guardian Point Man) FAQ
SAG-PM (Software Assurance Guardian Point Man) is an automated SCRM tool for SBOM analysis, VDR, and software cyber risk scoring, developed by Reliable Energy Analytics. It is an Application Security solution designed to help security teams with SBOM, SCA, and software supply chain security.