Date Published: November 2019
Email Comments to:
, , , , , ,
The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on helping organizations decrease the risk of compromise to their information and operational technology product and service supply chain.
The goal of this project is to document an approach to verify the supply chain integrity of computing devices at product acceptance by leveraging hardware roots of trust that are commonly included in commercial off-the-shelf personal computing devices. It will consider the computing device lifecycle starting with the manufacturing process through the delivery, acceptance, provisioning, use and disposition of the device.
The project will result in a freely available NIST Cybersecurity Practice Guide (SP 1800 series)—a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.
Keywords anti-counterfeiting; anti-tampering cyber supply chain risk management; asset management system; computing device; hardware assurance; hardware roots of trust; integrity; server security