SA-12(10) — Validate as Genuine and Not Altered

Validate that components and products are genuine and have not been altered before deploying them. Counterfeit or tampered components are a serious supply chain risk.

Example 1: Verify hardware serial numbers and firmware versions against the manufacturer's records before deployment. For critical components, contact the manufacturer to confirm the serial number matches their production records and has not been reported as counterfeit or stolen.

Example 2: For software, verify digital signatures and file hashes before installation. Use the vendor's official download site or authenticated package repository, not third-party mirror sites. Configure your package managers (apt, yum, npm) to verify signatures automatically.