U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description (Initial Public Draft)

Validating the Integrity of Servers and Client Devices: Supply Chain Assurance

Date Published: November 2019
Comments Due: January 6, 2020 (public comment period is CLOSED)
Email Questions to: supplychain-nccoe@nist.gov

Author(s)

Tyler Diamond (NIST), Nakia Grayson (NIST), Celia Paulsen (NIST), W. Polk (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Brown (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on helping organizations decrease the risk of compromise to their information and operational technology product and service supply chain. 

The goal of this project is to document an approach to verify the supply chain integrity of computing devices at product acceptance by leveraging hardware roots of trust that are commonly included in commercial off-the-shelf personal computing devices. It will consider the computing device lifecycle starting with the manufacturing process through the delivery, acceptance, provisioning, use and disposition of the device.

The project will result in a freely available NIST Cybersecurity Practice Guide (SP 1800 series)—a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.
 

Abstract

Keywords

anti-counterfeiting; anti-tampering cyber supply chain risk management; asset management system; computing device; hardware assurance; hardware roots of trust; integrity; server security
Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Submit Comments
Project homepage

Document History:
11/22/19: Project Description (Draft)
03/26/20: Project Description (Final)

Topics

Security and Privacy

cybersecurity supply chain risk management, roots of trust

Technologies

hardware, servers

Sectors

manufacturing