Supply Chain Assessment Flashcards
What is the purpose of supply chain assessment?
To mitigate the risks of the supply chain.
Every element (hardware, firmware, driver, OS, application) must be consistent and tamper resistant to create a trusted computing environment.
What is Due Diligence?
A legal principle identifying that best practice or reasonable care has been used when setting up, configuring and maintaining a system.
Due diligence must be conducted by all of the parties cooperating together.
Due diligence should apply to all suppliers and contractors.
When conducting your Due Diligence, what are you looking for?
Properly resourced cybersecurity program
Security assurance and risk management processes
Product support life cycle
Security controls for confidential data
Incident response and forensics assistance
General and historical company information
What is the Trusted Foundry?
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software do not deviate from their documented function).
Essentially, it’s a means to make sure that microprocessors are secure and trusted.
Created by the DoD.
What is Hardware Source Authenticity?
Ensuring that hardware is obtained tamper-free from trustworthy suppliers.