Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8517 (Initial Public Draft)

Hardware Security Failure Scenarios: Potential Weaknesses in Hardware Design

Date Published: June 13, 2024
Comments Due: July 31, 2024
Email Comments to:


Peter Mell (NIST), Irena Bojanova (NIST)


There is an incorrect and widespread assumption that hardware is inherently secure. However, this report documents numerous potential security failures that can occur in hardware. It also demonstrates the diverse ways in which hardware can be vulnerable.

The authors leveraged existing work on hardware weaknesses to provide a catalog of 98 security failure scenarios. Each of these is a succinct statement that describes how hardware can be exploited, where such an exploitation can occur, and what kind of damage is possible. This should raise awareness of the many types of hardware security issues that can occur.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.



chips; design; failures; hardware; scenarios; security; vulnerability; weakness
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
06/13/24: IR 8517 (Draft)


Security and Privacy

risk management