U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 1800-34 (Draft)

Validating the Integrity of Computing Devices (Preliminary Draft)

Date Published: November 22, 2021
Comments Due: January 17, 2022 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov

Planning Note (11/22/2021): The Comment period for Volume C: How-To Guides, is open through 1/17/22. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.

Author(s)

Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Brown (MITRE), Chelsea Deane (MITRE), Karen Scarfone (Scarfone Cybersecurity)

Announcement

This preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices, includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can share the progress made to date and use the feedback received to shape other volumes of the practice guide.

Ensuring the Integrity of the Cyber Supply Chain

Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This practice guide can benefit organizations who want to verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing and distribution process.

Share Your Expertise

Please visit our webpage and scroll to the status section to download the document and share your expertise with us to strengthen the Volume C preliminary draft. The public comment period for the Volume C preliminary draft is open through January 17, 2022. To receive news and updates about this project, please join the Supply Chain Assurance Community of Interest by sending an email to supplychain-nccoe@nist.gov.

Abstract

Keywords

cyber supply chain risk management; devices; integrity; validation
Control Families

Configuration Management; System and Information Integrity

Documentation

Publication:
SP 1800-34C (Prelim. Draft) and other volumes

Supplemental Material:
Project homepage (web)

Document History:
11/22/21: SP 1800-34 (Draft)