NIST publishes a supply chain assurance practice guide for public consultation
The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) issue, for public comments, a preliminary draft – the first of three volumes of the upcoming practice guide titled validating the integrity of computing devices. The guide aims to assist organizations by (1) helping them to avoid using compromised technology components in their products, (2) enabling customers to readily verify that the products they purchased are genuine and trustworthy, and (3) preventing any information compromises within the organization, caused by acquiring and using questionable technology products. The first volume is an executive summary that explains the challenge, solution, and benefits of this project. The deadline for public comments is April 16.