SP 1800-34 (Draft)

Validating the Integrity of Computing Devices

Date Published: June 23, 2022
Comments Due: August 8, 2022 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov

Planning Note (7/20/2022): The comment period has been extended to August 8, 2022 (originally July 25th).

Author(s)

Jon Boyens (NIST), Tyler Diamond (NIST), Nakia Grayson (NIST), Celia Paulsen (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Brown (MITRE), Chelsea Deane (MITRE), Karen Scarfone (Scarfone Cybersecurity)

Announcement

What Is This Guide About?

Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Managing cyber supply chain risks requires, in part, ensuring the integrity, quality, and resilience of the supply chain and its products and services. This project demonstrates how organizations can verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing or distribution processes.

Share Your Expertise

Please download the document and share your expertise with us to strengthen the draft practice guide. The public comment period for this draft is now open and will close on July 25th, 2022. You can stay up to date on this project by sending an email to supplychain-nccoe@nist.gov to join our Community of Interest. Also, if you have any project ideas for our team, please let us know by sending an email to the email address above. We look forward to your feedback.

Additional NIST Supply Chain Work

NIST is also working on an important effort, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS), with the private sector and others in government to improve cybersecurity in supply chains. This initiative will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern.

Abstract

Keywords

computing devices; cyber supply chain; cyber supply chain risk management (C-SCRM); hardware root of trust; integrity; provenance; supply chain; tampering

Control Families

Configuration Management; System and Information Integrity

Documentation

Publication:
NIST SP 1800-34 ipd

Supplemental Material:
Project homepage (web)

Document History:
11/22/21: SP 1800-34 (Draft)
06/23/22: SP 1800-34 (Draft)