SI-7(4) — Tamper-evident Packaging

Use tamper-evident packaging for software and hardware shipments so you can detect if something was altered during transit.

Example 1: When receiving new hardware (servers, networking equipment), verify that tamper-evident seals on the packaging are intact before accepting delivery. Photograph the seals and packaging as part of your receiving process. Report any broken seals to the vendor and your security team.

Example 2: For software delivered on physical media (like firmware update USBs from vendors), verify the hash of the files against the vendor's published hash values before installing. If the hashes do not match, the media may have been tampered with during shipping.