3.3 Assess Trusted Supply Chain for Critical Components
Requirement Description
Verify that the device's components are sourced from trusted suppliers (i.e., a trusted supply chain), as evidenced by a managed Bill of Materials (BOM) for critical hardware components, especially those that perform security functions, such as the System-on-Chip (SoC).
DUT Confirmation Details
(To be provided by the vendor/OEM)
Device Name: [Insert Device Name]
Model Number: [Insert Model No.]
Manufacturer: [Insert Manufacturer Name]
DUT Software Details
Firmware Version: [Insert Version]
Build Date: [Insert Build Date]
Platform: [e.g., Linux-based, RTOS-based, etc.]
Hash Checksum Verification for DUT’s Software Image
Hashing Algorithm Used: SHA-256
Checksum Verified: [Insert Verified Hash]
DUT Configuration
Hardware Configuration: [Brief Description]
Security Features Enabled: [e.g., Secure Boot, TPM, etc.]
SoC/Processor: [Insert SoC Model]
Pre-Conditions
The vendor shall provide:
A complete and verified Bill of Materials (BOM) for all critical hardware components, especially those responsible for security-related operations (e.g., SoC, TPM, HSM, Crypto Chips, etc.)
Vendor-supplied documentation confirming the authenticity and origin of these components
Declaration of supply chain trust assurance policies
Test Plan
Total Number of Test Cases: 1
Validation Approach: Documentation review only
Compliance Reference: Trusted Supply Chain Standards (e.g., NIST SP 800-161)
Test-bed Diagram with Interfaces and IPs
(Attach or reference a high-level diagram showing the DUT, interfaces, and any verification system used. Include IP addresses and interface names if applicable.)