U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 1800-34 (Draft)

Validating the Integrity of Computing Devices (Preliminary Draft)

Date Published: March 2021
Comments Due: April 21, 2021 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov


Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)


Organizations throughout the world face the challenge of identifying trustworthy computing devices to function daily. Cyber supply chains are constantly at risk of compromise, whether intentional or unintentional. Once a supply chain has been compromised, the security of that device may no longer be trusted. Some cyber supply chain risks include counterfeiting, unauthorized production, and tampering. 

NIST's National Cybersecurity Center of Excellence (NCCoE) is collaborating with industry to create an example cybersecurity solution that helps organizations verify that the internal components of their computing devices are genuine and have not been tampered with. This project will result in a publicly available practice guide to help organizations decrease the risk of compromise to products in their supply chain, and in turn reduce the risk for customers and end users.




cyber supply chain risk management; devices; integrity; validation
Control Families

Configuration Management; System and Information Integrity


Prelim. Draft SP 1800-34A
Submit comments

Supplemental Material:
Submit comments (web)
Project homepage (web)

Document History:
03/17/21: SP 1800-34 (Draft)