U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 1800-34 (Draft)

Validating the Integrity of Computing Devices (Preliminary Draft)

Date Published: August 2021
Comments Due: September 29, 2021 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov

Planning Note (8/31/2021): 8/31/21 - 9/29/21: Comment period for Volume B: Approach, Architecture, and Security Characteristics. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.


Tyler Diamond (NIST), Nakia Grayson (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)


Organizations throughout the world face the challenge of identifying trustworthy computing devices to function daily. Cyber supply chains are constantly at risk of compromise, whether intentional or unintentional. Once a supply chain has been compromised, the security of that device may no longer be trusted. Some cyber supply chain risks include counterfeiting, unauthorized production, and tampering. 

NIST's National Cybersecurity Center of Excellence (NCCoE) is collaborating with industry to create an example cybersecurity solution that helps organizations verify that the internal components of their computing devices are genuine and have not been tampered with. This project will result in a publicly available practice guide to help organizations decrease the risk of compromise to products in their supply chain, and in turn reduce the risk for customers and end users.




cyber supply chain risk management; devices; integrity; validation
Control Families

Configuration Management; System and Information Integrity