System and Services Acquisition
5 controls
Acquisition Process
AI Accelerator Security Features: Acquisition contracts for AI accelerators specify hardware security features as functional requirements: integrated root-of-trust with hardware-provisioned identity (...
View detailsDeveloper Testing and Evaluation
Apply SP 800-161 Rev 1 guidance [3]. Testing includes counterfeit detection, verification of component origins, examination of configuration settings, and physical inspection....
View detailsDeveloper Security and Privacy Architecture and Design
Apply SP 800-161 Rev 1 guidance [3]. Architecture decisions should address security and resilience considerations, including component selection strategies that enable availability through multiple su...
View detailsCustomized Development of Critical Components
Apply SP 800-161 Rev 1 guidance [3] for customized development of critical components where supply chain risk is unacceptable, including maintaining source code, build scripts, and tests to ensure con...
View detailsDeveloper Screening
Apply SP 800-161 Rev 1 guidance [3] for screening personnel with access to hardware development environments or critical components, including validation processes for both internal developers and key...
View details