U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 1800-34 (Draft)

Validating the Integrity of Computing Devices (Preliminary Draft)

Date Published: August 2021
Comments Due: September 29, 2021 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov

Planning Note (8/31/2021): 8/31/21 - 9/29/21: Comment period for Volume B: Approach, Architecture, and Security Characteristics. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.

Author(s)

Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

Organizations throughout the world face the challenge of identifying trustworthy computing devices to function daily. Cyber supply chains are constantly at risk of compromise, whether intentional or unintentional. Once a supply chain has been compromised, the security of that device may no longer be trusted. Some cyber supply chain risks include counterfeiting, unauthorized production, and tampering. 

NIST's National Cybersecurity Center of Excellence (NCCoE) is collaborating with industry to create an example cybersecurity solution that helps organizations verify that the internal components of their computing devices are genuine and have not been tampered with. This project will result in a publicly available practice guide to help organizations decrease the risk of compromise to products in their supply chain, and in turn reduce the risk for customers and end users.

 

Abstract

Keywords

cyber supply chain risk management; devices; integrity; validation
Control Families

Configuration Management; System and Information Integrity