NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION
SA-10(3) — Hardware Integrity Verification
Require the developer of the system, system component, or system service to enable integrity verification of hardware components.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
Hardware integrity verification allows organizations to detect unauthorized changes to hardware components using developer-provided tools, techniques, methods, and mechanisms. Organizations may verify the integrity of hardware components with hard-to-copy labels, verifiable serial numbers provided by developers, and by requiring the use of anti-tamper technologies. Delivered hardware components also include hardware and firmware updates to such components.
Practitioner Notes
Verify the integrity of hardware components to ensure they have not been tampered with during manufacturing, shipping, or installation.
Example 1: When receiving new hardware, inspect packaging for signs of tampering (broken seals, evidence of opening and resealing). Compare serial numbers and model numbers against the purchase order. For critical components, verify firmware versions against the manufacturer's published versions before deployment.
Example 2: Enable hardware integrity features like TPM (Trusted Platform Module) on all systems and configure them to verify boot integrity through Secure Boot and Measured Boot. If the firmware or boot loader has been tampered with, the system alerts the administrator before loading the operating system.
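The Measured Boot check in Example 2, as an added illustration that is not part of the control text: a verifier replays the boot event log to recompute each PCR, compares it with the value the TPM reported, then checks every measurement against known-good digests. The component names, sample images and golden values are constructed; the sketch assumes a SHA-256 PCR bank with an all-zero reset value and PCR values taken from a TPM quote whose signature has already been checked.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as firmware records it before running it."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log, pcr_index: int) -> bytes:
    """Recompute one PCR from the event log, starting from the all-zero reset value."""
    pcr = bytes(32)
    for index, _name, digest in event_log:
        if index == pcr_index:
            pcr = extend(pcr, digest)
    return pcr

def verify_boot(event_log, reported_pcrs, golden):
    """Return findings; an empty list means the log matches the PCRs and every component is known-good."""
    findings = []
    for index, value in sorted(reported_pcrs.items()):
        if replay(event_log, index) != value:
            findings.append(f"PCR{index}: event log does not reproduce reported value")
    for index, name, digest in event_log:
        if golden.get(name) != digest:
            findings.append(f"PCR{index}: unexpected measurement for {name}")
    return findings

# Constructed sample data: stand-ins for real firmware and boot loader images.
FIRMWARE = b"constructed firmware image v1"
BOOTLOADER = b"constructed boot loader image v1"
GOLDEN = {"firmware": measure(FIRMWARE), "bootloader": measure(BOOTLOADER)}

def boot_log(bootloader: bytes = BOOTLOADER):
    """Event log entries as (PCR index, component name, digest)."""
    return [(0, "firmware", measure(FIRMWARE)), (4, "bootloader", measure(bootloader))]

def pcrs_for(log):
    """PCR values a TPM would hold after the boot that produced this log."""
    return {0: replay(log, 0), 4: replay(log, 4)}

if __name__ == "__main__":
    clean, modified = boot_log(), boot_log(b"constructed modified boot loader")
    print(verify_boot(clean, pcrs_for(clean), GOLDEN))        # known-good boot
    print(verify_boot(modified, pcrs_for(modified), GOLDEN))  # changed boot loader, honest log
    print(verify_boot(clean, pcrs_for(modified), GOLDEN))     # log that hides the change
```

The third case shows why both checks are needed: a log that lists only known-good digests still fails, because it cannot reproduce the PCR value held by the TPM.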