The authenticity of all software and firmware is validated prior to deployment
Context and Guidance: The authenticity of software, particularly software downloaded from the internet, should be verified prior to execution within organisational systems. The authenticity of software can be verified by ensuring that it is digitally signed or by comparing a hash of the software to one published by the vendor. Firmware should also be verified for authenticity through similar steps, such as comparing a hash of the binary to one provided by the vendor.
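The hash comparison described above, as an added example that is not part of the original practice text: it checks a downloaded file against a vendor checksum manifest and refuses anything without a matching entry. SHA-256, the `sha256sum`-style manifest layout, the function names and the sample firmware file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        name = rest[1:] if rest[:1] in (" ", "*") else rest
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        if name in entries:
            raise ValueError(f"duplicate manifest entry for {name!r}")
        entries[name] = digest.lower()
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large firmware images are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_artifact(path, manifest_text):
    """True only on a digest match; a file with no published hash is unverified."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    return expected is not None and sha256_file(path) == expected

def demo():
    """Constructed sample: a fake firmware image checked before and after a change."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "firmware-1.0.bin")
        with open(image, "wb") as fh:
            fh.write(b"constructed sample firmware image\n")
        manifest = f"{sha256_file(image)}  firmware-1.0.bin\n"
        ok = verify_artifact(image, manifest)
        with open(image, "ab") as fh:
            fh.write(b"\x00")  # modification after the hash was published
        return ok, verify_artifact(image, manifest)

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the channel the manifest came from: if the hash is fetched from the same unauthenticated location as the binary, whoever can replace one can replace both. Obtain the manifest over a separately authenticated channel from the vendor, or verify its digital signature first.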
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ARCHITECTURE-4b, ARCHITECTURE-4e, ARCHITECTURE-4g, ARCHITECTURE-4h, ARCHITECTURE-5h.