NSA Research, as part of NSA’s Technology Transfer program, released new software on September 6, 2018, allowing technology users to mitigate risks with today’s supply chain management. This software is intended to support the supply chain validation techniques prescribed by the Trusted Computing Group (TCG).
NSA’s Host Integrity (HI) Attestation Certificate Authority (ACA) is available on the NSA Cyber Github site. The ACA provides an “Acceptance Test” policy, used to prove a device was produced by the claimed manufacturer, and contains the agreed upon list of components. Host Integrity will initially support Centos-based Linux devices; however, the TCG’s supply chain validation process can work with any computerized device that includes a Trusted Platform Module (TPM) (1.2 or 2.0).