NIST seeks comment on guidance for ‘validating integrity’ of computing devices, says don’t assume trustworthiness

NIST’s National Cybersecurity Center of Excellence has issued the final draft for comment of supply chain guidance crafted to help organizations verify the security of the “computing devices” they purchase.

“Organizations currently lack the ability to readily distinguish trustworthy products from others. Having this ability is a critical foundation of cyber supply chain risk management,” according to the NCCoE, which says, “Assuming that all acquired computing devices are genuine and unmodified increases the risk of a compromise affecting products in...