Have one or more up-to-date commercial malware detection tools been deployed as part of the code acceptance and development processes?
Are malware detection techniques used before final packaging and delivery (e.g., scanning finished products and components for malware using one or more up-to-date malware detection tools)?
Are techniques utilized as applicable and appropriate to mitigate the risk of counterfeiting, such as security labeling and scrap management techniques?
Are instances of counterfeit activity relating to products reviewed, and is an appropriate response sent?
Are proper end-of-life disposal procedures employed (e.g., clearing data from hard drives, rendering a PCB non-functional) to protect against re-use in a counterfeit product?
Are practices deployed to preclude the unauthorized (counter-indicated) use of scrap from the hardware manufacturing process?
Are methods of verifying authenticity and integrity of products after delivery available?
Are Open Source assets and artifacts managed as defined by the best practices within the O-TTPS for Product Development/Engineering methods and Secure Development/Engineering methods?
In the management of Open Source assets and artifacts, are sourced components identified as derived from well-understood component lineage?
In the management of Open Source assets and artifacts, are sourced components subject to well-defined acceptance procedures that include asset and artifact security and integrity before their use within a product?