CSRIC V WG6 was tasked with developing voluntary recommendations and best practices to enhance the security of hardware and software used in communications critical infrastructure. The working group was also tasked with a second deliverable, to develop a voluntary attestation framework that could be used by companies to demonstrate the success of the recommendations/best practices.