3.3 Assess Trusted Supply Chain for Critical Components

Requirement Description

Verify whether the device's components are sourced from trusted suppliers (i.e., a trusted supply chain) by reviewing a managed Bill of Materials (BOM) for critical hardware components, especially those that perform security functions, such as the System-on-Chip (SoC).


DUT Confirmation Details

(To be provided by the vendor/OEM)

  • Device Name: [Insert Device Name]

  • Model Number: [Insert Model No.]

  • Manufacturer: [Insert Manufacturer Name]


DUT Software Details

  • Firmware Version: [Insert Version]

  • Build Date: [Insert Build Date]

  • Platform: [e.g., Linux-based, RTOS-based, etc.]


Hash Checksum Verification for DUT’s Software Image

  • Hashing Algorithm Used: SHA-256

  • Checksum Verified: [Insert Verified Hash]


DUT Configuration

  • Hardware Configuration: [Brief Description]

  • Security Features Enabled: [e.g., Secure Boot, TPM, etc.]

  • SoC/Processor: [Insert SoC Model]


Pre-Conditions

The vendor shall provide:

  • A complete and verified Bill of Materials (BOM) for all critical hardware components, especially those responsible for security-related operations (e.g., SoC, TPM, HSM, Crypto Chips, etc.)

  • Vendor-supplied documentation confirming the authenticity and origin of these components

  • Declaration of supply chain trust assurance policies


Test Plan

  • Total Number of Test Cases: 1

  • Validation Approach: Documentation review only

  • Compliance Reference: Trusted Supply Chain Standards (e.g., NIST SP 800-161)


Test-bed Diagram with Interfaces and IPs

(Attach or reference a high-level diagram showing the DUT, interfaces, and any verification system used. Include IP addresses and interface names if applicable.)
