The National Security Agency published a cybersecurity information sheet urging the implementation of a robust supply chain risk management strategy among government departments with national security systems.
The guidance is focused on the acquisition and acceptance testing of servers, laptops and desktop computers, and it encourages the use of platform certificates and trusted platform modules, or TPMs, NSA announced Thursday.
TPMs, which are small security chips that store certificate-related keys, are a required element in the enterprise computer systems purchased by the Department of Defense.
NSA is recommending that TPMs also be a requirement in NSS acquisitions by other agencies. The information sheet also underscored the importance of automated acceptance tests as a security and procurement validation tool for platform certificates from vendors and manufacturers.
