ISC2 CISSP Practice Question

The correct answer is implementing silicon root of trust technology. Silicon root of trust provides hardware-based security by establishing a chain of trust that begins at the hardware level with tamper-resistant cryptographic keys embedded directly in silicon chips during manufacturing. This technology helps detect unauthorized modifications to hardware components and can verify the authenticity of firmware and software loaded onto devices, making it particularly effective against hardware implants and malicious code insertion during the manufacturing process.

The other options, while valuable supply chain practices, do not specifically address the hardware tampering risk:

• Requiring a software bill of materials from suppliers documents software components but doesn't protect against hardware-level tampering.

• Conducting third-party assessments of supplier facilities might help identify some process issues but doesn't provide ongoing technical protection against sophisticated hardware tampering.

• Implementing minimum contractual standards establishes baseline expectations but doesn't provide technical protection to prevent or detect hardware tampering.