Skip to content
Speak with an Expert

 

PRODUCT SECURITY ASSESSMENT

Foreign Ownership, Control, or Influence (FOCI) and Provenance

Gain greater visibility into your supply chain and build trust between parties

Break down hardware and software components to evaluate risk tied to foreign influence, ownership, or control. 

Manufacturer FOCI is an evaluation of risk based on the its company's headquarters, mergers and acquisitions, physical and cyber presences, manufacturing locations, and other criteria. 

The Product Assessment Provenance Report can include a Software Bill of Materials (SBOM) or Hardware Bill of Materials (HBOM). In each case, the enumeration includes high resolution images and adheres to a specified format. All identified components are evaluated for FOCI, where manufacturers are assigned diagonal and horizontal risk scores. The horizontal score represent FOCI risk for a specific manufacturer, whereas the vertical score is the risk per category for the product.

Related Entity Discovery (RED) analyzes the relationship of the component manufacturers to companies affiliated with an adversarial nation (China, Russia, Iran, Venezuela, and North Korea). Guidelines are based on NDAA Section 889a, NDAA Section 889b, and Executive Order 13971.

Speak with an Expert

The Fortress Assessment team is made up of industry leaders with deep expertise in validated control assessments, TPRM, and certifications including CISA, CISSP, CompTIA Security+, and CTPRP.

Speak with an Expert