Hi All,
The NSA just published "Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers."
The guidance in this cybersecurity information sheet (CSI) assumes that organizations procuring the equipment have already implemented a Supply Chain Risk Management (SCRM) process in accordance with NIST SP 800-161 "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations". [1] This guidance is intended to augment those processes with suggested procurement guidance and risk mitigation processes to ensure that enterprise-grade servers, laptops, and desktops are procured with a robust set of security artifacts, configurations, and capabilities
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------