Date Published: November 22, 2021
Comments Due:
Email Questions to:
Planning Note (11/22/2021):
The Comment period for Volume C: How-To Guides, is open through 1/17/22. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.
Author(s)
Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Brown (MITRE), Chelsea Deane (MITRE), Karen Scarfone (Scarfone Cybersecurity)
Announcement
This preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices, includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can share the progress made to date and use the feedback received to shape other volumes of the practice guide.
Ensuring the Integrity of the Cyber Supply Chain
Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This practice guide can benefit organizations who want to verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing and distribution process.
Share Your Expertise
Please visit our webpage and scroll to the status section to download the document and share your expertise with us to strengthen the Volume C preliminary draft. The public comment period for the Volume C preliminary draft is open through January 17, 2022. To receive news and updates about this project, please join the Supply Chain Assurance Community of Interest by sending an email to supplychain-nccoe@nist.gov.
Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This project will demonstrate how organizations can verify that the internal components of the computing devices they acquire are genuine and have not been unexpectedly altered during manufacturing or distribution processes.
Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the...
See full abstract
Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This project will demonstrate how organizations can verify that the internal components of the computing devices they acquire are genuine and have not been unexpectedly altered during manufacturing or distribution processes.
Hide full abstract
Keywords
cyber supply chain risk management; devices; integrity; validation
Control Families
Configuration Management; System and Information Integrity
