Foreign Ownership, Control, or Influence (FOCI) and Provenance

Break down hardware and software components to evaluate risk tied to foreign influence, ownership, or control. 

Manufacturer FOCI is an evaluation of risk based on the its company's headquarters, mergers and acquisitions, physical and cyber presences, manufacturing locations, and other criteria. 

The Product Assessment Provenance Report can include a Software Bill of Materials (SBOM) or Hardware Bill of Materials (HBOM). In each case, the enumeration includes high resolution images and adheres to a specified format. All identified components are evaluated for FOCI, where manufacturers are assigned diagonal and horizontal risk scores. The horizontal score represent FOCI risk for a specific manufacturer, whereas the vertical score is the risk per category for the product.

Related Entity Discovery (RED) analyzes the relationship of the component manufacturers to companies affiliated with an adversarial nation (China, Russia, Iran, Venezuela, and North Korea). Guidelines are based on NDAA Section 889a, NDAA Section 889b, and Executive Order 13971.