U.S. flag   An official website of the United States government

SP 1800-34 (Draft)

Validating the Integrity of Computing Devices (Preliminary Draft)

Date Published: March 2021
Comments Due: April 21, 2021
Email Comments to: supplychain-nccoe@nist.gov

Author(s)

Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

Organizations throughout the world face the challenge of identifying trustworthy computing devices to function daily. Cyber supply chains are constantly at risk of compromise, whether intentional or unintentional. Once a supply chain has been compromised, the security of that device may no longer be trusted. Some cyber supply chain risks include counterfeiting, unauthorized production, and tampering. 

NIST's National Cybersecurity Center of Excellence (NCCoE) is collaborating with industry to create an example cybersecurity solution that helps organizations verify that the internal components of their computing devices are genuine and have not been tampered with. This project will result in a publicly available practice guide to help organizations decrease the risk of compromise to products in their supply chain, and in turn reduce the risk for customers and end users.

 

Abstract

Keywords

cyber supply chain risk management; devices; integrity; validation
Control Families

Configuration Management; System and Information Integrity

Documentation

Publication:
Prelim. Draft SP 1800-34A
Submit comments

Supplemental Material:
Submit comments (web)
Project homepage (web)

Document History:
03/17/21: SP 1800-34 (Draft)