The National Academies Press

Currently Skimming:

3 Presentation Abstracts
Pages 21-30

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 21... ... DoD formalized and consolidated its policy in 2012 and issued DoD Instruction 5200.44, which addressed supply chain risk management by requiring use of trusted suppliers for critical ASICs and implementing a program protection plan as part of the acquisition cycle. Current State of Access to Trusted ASIC Production Over the years, Air Force organizations and a host of programs of record used IBM and the Trusted Foundry Program to support all stages of the acquisition process from research through sustainment. Read the entire page →
From page 22... ... Looking ahead, DoD must move to an alternative model that enables "both trust and access to needed microelectronics capability from the commercial marketplace."3 This long-term trusted foundry strategy will improve DoD's ability to evaluate microelectronic components, protect designs from espionage or manipulation, and transition advanced technologies that permit the use of commercial sources for sensitive applications that require trust. Defense MicroElectronics Activity -- Dan Marrujo The Trusted Foundry Program was established as a joint effort between DoD and the NSA in response to Deputy Secretary of Defense Paul Wolfowitz's Defense Trusted IC Strategy issued in 2003. Read the entire page →
From page 23... ... Air Force have heightened the need to protect critical Air Force technologies and collateral data. The AFOSI Technology Protection Program provides focused, comprehensive counterintelligence and core mission investigative services to safeguard Air Force research and development, technologies, acquisitions, programs, critical program information, personnel, and facilities. Read the entire page →
From page 24... ... Guidance is lacking on the best combinations of effective protection methods (e.g., information assurance, anti-tamper, hardware assurance and software assurance, trusted suppliers, trusted foundry programs, operations security, and test and verification) for embedded systems for different missions, operating environment, and threat models. Read the entire page →
From page 25... ... The goal to simply reduce the risk of counterfeit parts has now expanded to include component criticality analysis, malicious insertion, anonymity plans, covered defense information protection, provenance mapping, component pedigree, and trusted suppliers. A significant knowledge and awareness gap throughout the Read the entire page →
From page 26... ... In addition, consistent with past practices and initiatives, continued government involvement will be required to ensure a responsive industrial supply base for the products and technologies required for future space systems. Kansas City National Security Campus -- Kent Devenport The world threat environment has changed significantly over the course of the last decade, requiring the Defense Industrial Base, including the National Laboratories and production facilities of the National Nuclear Security Administration (NNSA) Read the entire page →
From page 27... ... program to ensure safe, secure and effective nuclear weapon stockpile, and a Supply Chain Risk Management (SCRM) program to ensure malicious hardware or software are prevented entry into the NSE supply chain. Read the entire page →
From page 28... ... #11, "Develop a Multi-Pronged Approach for Global Supply Chain Risk Management." In October 2012, NIST published NIST Interagency Report 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems, containing a catalogue of potential ICT SCRM methods and practices centered around increasing an organization's visibility into and understanding of how the technology they acquire is developed, integrated, and deployed, thus enabling them to make risk-based acquisition decisions and develop mitigating strategies. In 2015, NIST published NIST Special Publication (SP) Read the entire page →
From page 29... ... 4 can help with ICT supply chain risk mitigation. Chapter 3 of NIST SP 800-161 identifies these controls and provides supplementary guidance for their application to ICT SCRM. Read the entire page →

From page 21...

... DoD formalized and consolidated its policy in 2012 and issued DoD Instruction 5200.44, which addressed supply chain risk management by requiring use of trusted suppliers for critical ASICs and implementing a program protection plan as part of the acquisition cycle. Current State of Access to Trusted ASIC Production Over the years, Air Force organizations and a host of programs of record used IBM and the Trusted Foundry Program to support all stages of the acquisition process from research through sustainment.

Read the entire page →

From page 22...

... Looking ahead, DoD must move to an alternative model that enables "both trust and access to needed microelectronics capability from the commercial marketplace."3 This long-term trusted foundry strategy will improve DoD's ability to evaluate microelectronic components, protect designs from espionage or manipulation, and transition advanced technologies that permit the use of commercial sources for sensitive applications that require trust. Defense MicroElectronics Activity -- Dan Marrujo The Trusted Foundry Program was established as a joint effort between DoD and the NSA in response to Deputy Secretary of Defense Paul Wolfowitz's Defense Trusted IC Strategy issued in 2003.

Read the entire page →

From page 23...

... Air Force have heightened the need to protect critical Air Force technologies and collateral data. The AFOSI Technology Protection Program provides focused, comprehensive counterintelligence and core mission investigative services to safeguard Air Force research and development, technologies, acquisitions, programs, critical program information, personnel, and facilities.

Read the entire page →

From page 24...

... Guidance is lacking on the best combinations of effective protection methods (e.g., information assurance, anti-tamper, hardware assurance and software assurance, trusted suppliers, trusted foundry programs, operations security, and test and verification) for embedded systems for different missions, operating environment, and threat models.

Read the entire page →

From page 25...

... The goal to simply reduce the risk of counterfeit parts has now expanded to include component criticality analysis, malicious insertion, anonymity plans, covered defense information protection, provenance mapping, component pedigree, and trusted suppliers. A significant knowledge and awareness gap throughout the

Read the entire page →

From page 26...

... In addition, consistent with past practices and initiatives, continued government involvement will be required to ensure a responsive industrial supply base for the products and technologies required for future space systems. Kansas City National Security Campus -- Kent Devenport The world threat environment has changed significantly over the course of the last decade, requiring the Defense Industrial Base, including the National Laboratories and production facilities of the National Nuclear Security Administration (NNSA)

Read the entire page →

From page 27...

... program to ensure safe, secure and effective nuclear weapon stockpile, and a Supply Chain Risk Management (SCRM) program to ensure malicious hardware or software are prevented entry into the NSE supply chain.

Read the entire page →

From page 28...

... #11, "Develop a Multi-Pronged Approach for Global Supply Chain Risk Management." In October 2012, NIST published NIST Interagency Report 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems, containing a catalogue of potential ICT SCRM methods and practices centered around increasing an organization's visibility into and understanding of how the technology they acquire is developed, integrated, and deployed, thus enabling them to make risk-based acquisition decisions and develop mitigating strategies. In 2015, NIST published NIST Special Publication (SP)

Read the entire page →

From page 29...

... 4 can help with ICT supply chain risk mitigation. Chapter 3 of NIST SP 800-161 identifies these controls and provides supplementary guidance for their application to ICT SCRM.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

3 Presentation Abstracts Pages 21-30

3 Presentation Abstracts
Pages 21-30