The federal government is starting a new program to develop best practices and guidelines for organizations to verify the integrity and authenticity of the hardware components of the computers, servers, and other devices they buy. The project is meant to address the growing concerns in both the government sector and enterprises about the threat of attackers and malicious insiders in the supply chain compromising hardware before it gets to the customer.
The effort is sponsored by the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence and is designed to produce a set of tools and recommendations that organizations can implement on their own to help determine whether the hardware they’ve bought is authentic and has not been tampered with. The main focus of the project is to verify the link between the OEM and the ultimate end user and help identify any possible weak spots for tampering or other modifications along the way. NIST is asking for comments from interested experts and organizations until Jan. 6.
Read more at: Decipher