The National Security Agency is working with an industry consortium to standardize a process that would guide risk management in supply chain activities.
The agency said Wednesday it partnered with the Trusted Computing Group and Intel to launch software, standards and corresponding certification for a supply chain validation process. The process will facilitate the supply chain assessment of all computing devices including multi-vendor and multi-stage production types.
A Trusted Platform Module would then store certifications and corresponding device information that the agency’s Host Integrity at Runtime and Startup software uses for source validation. The team intends to standardize the process as an equivalent to digital background checks.
The software is available for download on the NSAÂ Cyber GitHub site.
