Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (Draft)

[Project Description] Validating the Integrity of Servers and Client Devices: Supply Chain Assurance

Date Published: November 2019
Comments Due: January 6, 2020
Email Comments to: supplychain-nccoe@nist.gov

Author(s)

Tyler Diamond (NIST), Nakia Grayson (NIST), Celia Paulsen (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Brown (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on helping organizations decrease the risk of compromise to their information and operational technology product and service supply chain. 

The goal of this project is to document an approach to verify the supply chain integrity of computing devices at product acceptance by leveraging hardware roots of trust that are commonly included in commercial off-the-shelf personal computing devices. It will consider the computing device lifecycle starting with the manufacturing process through the delivery, acceptance, provisioning, use and disposition of the device.

The project will result in a freely available NIST Cybersecurity Practice Guide (SP 1800 series)—a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.
 

Abstract

Keywords

anti-counterfeiting; anti-tampering cyber supply chain risk management; asset management system; computing device; hardware assurance; hardware roots of trust; integrity; server security
Control Families

None selected

Documentation

Publication:
Project Description

Supplemental Material:
Submit Comments (other)
Project homepage (other)

Topics

Security and Privacy
cyber supply chain risk management; roots of trust

Technologies
hardware; servers

Sectors
manufacturing