Does your organization implement hardware integrity verification mechanisms to detect unauthorized modifications or tampering of physical devices?
Explanation
Hardware integrity verification confirms that physical components have not been tampered with or compromised. Tampered or compromised hardware could lead to unauthorized access, data breaches, or system failures. Verification mechanisms include secure boot processes, Trusted Platform Modules (TPM), hardware fingerprinting, tamper-evident seals, or cryptographic verification of firmware and hardware components.
Evidence could include documentation of hardware integrity verification procedures, screenshots of TPM status reports, logs from secure boot processes, inventory of devices with integrity verification capabilities, or vendor documentation showing hardware security features implemented across your infrastructure.
Context
- Function
  - PR: PROTECT
- Category
  - PR.DS: Data Security
- Sub-Category
  - Integrity checking mechanisms are used to verify hardware integrity
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization have a policy and technical controls to restrict the use of removable media devices?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?

