3.3 Assess Trusted Supply Chain for Critical Components

3.3 – Assess Trusted Supply Chain for Critical Components

Requirement Description

Verify whether trusted sources are being used for sourcing the components of the device — i.e., a trusted supply chain — through a managed Bill of Materials (BOM) for critical hardware components, especially those related to security functions like System-on-Chip (SoC).

---

DUT Confirmation Details

(To be provided by the vendor/OEM)

• Device Name: [Insert Device Name]

• Model Number: [Insert Model No.]

• Manufacturer: [Insert Manufacturer Name]

---

DUT Software Details

• Firmware Version: [Insert Version]

• Build Date: [Insert Build Date]

• Platform: [e.g., Linux-based, RTOS-based, etc.]

---

Hash Checksum Verification for DUT’s Software Image

• Hashing Algorithm Used: SHA-256

• Checksum Verified: [Insert Verified Hash]

---

DUT Configuration

• Hardware Configuration: [Brief Description]

• Security Features Enabled: [e.g., Secure Boot, TPM, etc.]

• SoC/Processor: [Insert SoC Model]

---

Pre-Conditions

The vendor shall provide:

• A complete and verified Bill of Materials (BOM) for all critical hardware components, especially those responsible for security-related operations (e.g., SoC, TPM, HSM, Crypto Chips, etc.)

• Vendor-supplied documentation confirming the authenticity and origin of these components

• Declaration of supply chain trust assurance policies

---

Test Plan

• Total Number of Test Cases: 1

• Validation Approach: Documentation review only

• Compliance Reference: Trusted Supply Chain Standards (e.g., NIST SP 800-161)

---

Test-bed Diagram with Interfaces and IPs

(Attach or reference a high-level diagram showing the DUT, interfaces, and any verification system used. Include IP addresses and interface names if applicable.)