NCCoE Releases Volume C Preliminary Draft of the Supply Chain Assurance Practice Guide

NIST

View As Web Page

Communication Network

National Cybersecurity Center of Excellence

Comments Requested on Volume C of the Supply Chain Assurance Practice Guide 

NIST's National Cybersecurity Center of Excellence has published for public comment a preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices. This preliminary draft includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can share the progress made to date and use the feedback received to shape other volumes of the practice guide.

Ensuring the Integrity of Cyber Supply Chain

Technologies today rely on complex, globally distributed and interconnected supply chain ecosystems to provide reusable solutions. Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This practice guide can benefit organizations who want to verify that the internal components of their computing devices are genuine and have not been altered during the manufacturing and distribution process.

Share Your Expertise

Please visit our webpage and scroll to the status section to download the document and share your expertise with us to strengthen the Volume C preliminary draft. The public comment period for the Volume C preliminary draft is open through January 17, 2022. To receive news and updates about this project, please join the Supply Chain Assurance Community of Interest by sending an email to supplychain-nccoe@nist.gov.

Comment Now

NIST Cybersecurity and Privacy Program
NIST Applied Cybersecurity Division (ACD)
National Cybersecurity Center of Excellence (NCCoE)
Questions/Comments about this notice: supplychain-nccoe@nist.gov 
NCCoE Website questions: nccoe@nist.gov