The National Institute of Standards and Technology is soliciting public comments on its initial draft of an interagency report summarizing the presentations and discussions on semiconductor supply chain security during a recent NIST workshop.
The insights gathered from the workshop’s participants, which included representatives from government, industry and academia, will inform the development of supply chain standards and cybersecurity guidance, NIST said Wednesday.
The highlights of the report, titled “Enhancing Security of Devices and Components Across the Supply Chain,” include security issues on the hardware development lifecycle and approaches on addressing the concerns.
Among the proposed solutions for vulnerabilities in hardware development are maintaining public-private sector partnerships and adopting more meaningful security metrics.
To develop tighter security standards, the report presented various steps, such as creating metrics based on threat models, vulnerable assets and product lifecycle stages.
In addition, the report emphasized the workshop’s suggestions on securing the manufacturing environment through automated cybersecurity tools and methods.
The deadline for the submission of comments on the draft NIST report is Sept. 16.