Hi All,
NIST's National Cybersecurity Center of Excellence has published for public comment a preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices.
This preliminary draft includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can share the progress made to date and use the feedback received to shape other volumes of the practice guide.
Ensuring the Integrity of Cyber Supply Chain
Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This practice guide can benefit organizations who want to verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing and distribution process.
The public comment period for the Volume C preliminary draft is open through January 17, 2022. To receive news and updates about this project, please join the Supply Chain Assurance Community of Interest by sending an email to
[email protected].
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------