Provision Computer

Requirements

• 2 individuals with appropriate role

  • Each needs a Personal PGP key pair

• Tamper-proofing equipment

• Tamper proofing evidence (photographs)

• Non-provisioned computer

Procedure

1. Unseal a tamper proofed laptop

   a. Retrieve digital/physical photographs of both sides of sealed bundle

   b. Compare all photographs to object for differences

   c. Proceed with unsealing the object if no differences are detected

2. Remove all radio cards, storage drive, speakers, and microphone using standard industry laptop repair tactics

3. Insert object(s) into plastic sealing bag

4. Fill bag with enough plastic beads that most of the object is surrounded

5. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

6. Take photographs of both sides of the sealed object using both the digital and polaroid camera

7. Date and sign the polaroid photographs and store them in a local lock box

8. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.

9. Apply a new label which indicates the laptop has been provisioned (include date, and any other desired metadata such as a unique ID (e.g Laptop #4))

10. Place the provisioned laptop in inventory

11. Update inventory to reflect that this hardware has been provisioned, and including the metadata in the description.txt for that item according to the inventory repository structure