The National Cybersecurity Center of Excellence (NCoE) and National Institute of Standards and Technology (NIST) are seeking comments for a new project to improve supply chain security.
The Validating the Integrity of Servers and Client Devices project is an effort to “provide guidance that will help organizations verify that the internal components of their purchased computing devices are genuine and have not been altered during the manufacturing and distribution processes.”
The project also will demonstrate manufacturing artifacts creation, component verification during device acceptance testing, and device state verification during use of personal computing devices with hardware roots of trust.
“Organizations today face the challenge of identifying trustworthy products due to increased risk resulting from compromises in cyber supply chains,” NIST said in an email. “Cyber Supply Chain Risk Management is an evolving approach to modernizing [IT] systems, as information and operational technologies rely on complex, globally distributed and interconnected, supply-chain ecosystems to provide highly refined, cost-effective, and reusable solutions.”
The public comment period is currently open and interested parties can submit comments until Jan. 6, 2020.