Procure SD Card Pack

Requirements

Procedure

  1. Selecting a Purchase Location

    • Select at multiple stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that an insider threat is able to plant a compromised computer in a store ahead of time.

  2. Within the store, identify available adequate device

  3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which SHOULD be an access controlled space.

    • The bag MUST be a sealable see-through tamper evident bag. It may be necessary to remove the device from it's original packaging to fit it into the sealable bag.

  4. If the equipment does not have to be tamper proofed, simply deliver it to its storage location, and update the inventory repository with the serial number of the device.

  5. If the equipment does require tamper proofing, apply the appropriate level of tamper proofing for the security level you are performing the procurement for.

  6. Remove packaging from each SD card, and place them into High Visibility Storage

  7. Select 5 SD cards to be tamper proofed from High Visibility Storage

  8. Insert object(s) into plastic sealing bag

  9. Fill bag with enough plastic beads that most of the object is surrounded

  10. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

  11. Take photographs of both sides of the sealed object using both the digital and polaroid camera

  12. Date and sign the polaroid photographs and store them in a local lock box

  13. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.

  14. Label the tamper proofed package "SD Card Pack [date]"