New from NIST … Another example of work that includes “counterfeiting” as a major component of a broader problem encompassing supply chain risks such as “tampering”, “reduced or unwanted functionality”, “malicious content”, etc.
NISTIR 7622 – Notional Supply Chain Risk Management Practices for Federal Information Systems, October 2012
“This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices that offer a means to obtain an understanding of, and visibility throughout, the supply chain….”
Pretty comprehensive guidance. Now to implement.
My understanding is this represents what DoD decided for policy quite some time ago, but though this new DoDI has been released, many questions on implementation specifics remain.