ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use

Info icon.

Subcategory is new to this version of the framework and incorporates the following item from the previous version: PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity.


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Assess the authenticity and cybersecurity of critical technology products and services prior to acquisition and use

3rd: 3rd Party Risk