diff --git a/images/windows/scripts/build/Install-MysqlCli.ps1 b/images/windows/scripts/build/Install-MysqlCli.ps1
index cfe5bddb6..782a7db5f 100644
--- a/images/windows/scripts/build/Install-MysqlCli.ps1
+++ b/images/windows/scripts/build/Install-MysqlCli.ps1
@@ -1,13 +1,14 @@
 ################################################################################
 ##  File:  Install-MysqlCli.ps1
 ##  Desc:  Install Mysql CLI
+##  Supply chain security: checksum validation (visual c++ redistributable package)
 ################################################################################
 
 # Installing visual c++ redistributable package.
 Install-Binary `
     -Url 'https://download.microsoft.com/download/0/5/6/056dcda9-d667-4e27-8001-8a0c6971d6b1/vcredist_x64.exe' `
     -InstallArgs @("/install", "/quiet", "/norestart") `
-    -ExpectedSignature '3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC'
+    -ExpectedSHA256Sum '20E2645B7CD5873B1FA3462B99A665AC8D6E14AAE83DED9D875FEA35FFDD7D7E'
 
 # Downloading mysql
 [version] $mysqlVersion = (Get-ToolsetContent).mysql.version
diff --git a/images/windows/scripts/build/Install-NET48-devpack.ps1 b/images/windows/scripts/build/Install-NET48-devpack.ps1
index b747d2014..676b762cb 100644
--- a/images/windows/scripts/build/Install-NET48-devpack.ps1
+++ b/images/windows/scripts/build/Install-NET48-devpack.ps1
@@ -1,12 +1,13 @@
 ################################################################################
 ##  File:  Install-NET48-devpack.ps1
 ##  Desc:  Install .NET 4.8 devpack
+##  Supply chain security: checksum validation
 ################################################################################
 
 # .NET 4.8 Dev pack
 Install-Binary `
     -Url 'https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0307177e14752e359fde5423ab583e43/ndp48-devpack-enu.exe' `
     -InstallArgs @("Setup", "/passive", "/norestart") `
-    -ExpectedSignature 'C82273A065EC470FB1EBDE846A91E6FFB29E9C12'
+    -ExpectedSHA256Sum '0A7AC4A9B44CED6BB7A0EBF3AD9BA29F60BD4D3BEB2047E19F4D8749DE61F5AC'
 
 Invoke-PesterTests -TestFile "Tools" -TestName "NET48"
diff --git a/images/windows/scripts/build/Install-NET48.ps1 b/images/windows/scripts/build/Install-NET48.ps1
index 6c0a11e80..799428a8e 100644
--- a/images/windows/scripts/build/Install-NET48.ps1
+++ b/images/windows/scripts/build/Install-NET48.ps1
@@ -1,10 +1,11 @@
 ################################################################################
 ##  File:  Install-NET48.ps1
 ##  Desc:  Install .NET 4.8
+##  Supply chain security: checksum validation
 ################################################################################
 
 # .NET 4.8 Dev pack
 Install-Binary `
     -Url 'https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe' `
     -InstallArgs @("Setup", "/passive", "/norestart") `
-    -ExpectedSignature 'ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B'
+    -ExpectedSHA256Sum '68C9986A8DCC0214D909AA1F31BEE9FB5461BB839EDCA996A75B08DDFFC1483F'
diff --git a/images/windows/scripts/build/Install-ServiceFabricSDK.ps1 b/images/windows/scripts/build/Install-ServiceFabricSDK.ps1
index 4d6236181..cc9ae9f2e 100644
--- a/images/windows/scripts/build/Install-ServiceFabricSDK.ps1
+++ b/images/windows/scripts/build/Install-ServiceFabricSDK.ps1
@@ -2,6 +2,7 @@
 ##  File:  Install-ServiceFabricSDK.ps1
 ##  Desc:  Install webpicmd and then the service fabric sdk
 ##         must be install after Visual Studio
+##  Supply chain security: checksum validation
 ################################################################################
 
 # Creating 'Installer' cache folder if it doesn't exist
@@ -10,17 +11,19 @@ New-Item -Path 'C:\Windows\Installer' -ItemType Directory -Force
 # Get Service Fabric components versions
 $runtimeVersion = (Get-ToolsetContent).serviceFabric.runtime.version
 $sdkVersion = (Get-ToolsetContent).serviceFabric.sdk.version
+
 $urlBase = "https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856"
 
 # Install Service Fabric Runtime for Windows
 Install-Binary `
     -Url "${urlBase}/MicrosoftServiceFabric.${runtimeVersion}.exe" `
     -InstallArgs @("/accepteula ", "/quiet", "/force") `
-    -ExpectedSignature (Get-ToolsetContent).serviceFabric.runtime.signature
+    -ExpectedSHA256Sum (Get-ToolsetContent).serviceFabric.runtime.checksum
+
 
 # Install Service Fabric SDK
 Install-Binary `
     -Url "${urlBase}/MicrosoftServiceFabricSDK.${sdkVersion}.msi" `
-    -ExpectedSignature (Get-ToolsetContent).serviceFabric.sdk.signature
+    -ExpectedSHA256Sum (Get-ToolsetContent).serviceFabric.sdk.checksum
 
 Invoke-PesterTests -TestFile "Tools" -TestName "ServiceFabricSDK" 
diff --git a/images/windows/scripts/build/Install-VCRedist.ps1 b/images/windows/scripts/build/Install-VCRedist.ps1
index d6aa737ed..af93a7cee 100644
--- a/images/windows/scripts/build/Install-VCRedist.ps1
+++ b/images/windows/scripts/build/Install-VCRedist.ps1
@@ -1,20 +1,20 @@
 ################################################################################
 ##  File:  Install-VCRedist.ps1
 ##  Desc:  Install Visual C++ Redistributable
+##  Supply chain security: checksum validation
 ################################################################################
 
 $baseUrl = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC"
 $argumentList = ("/install", "/quiet", "/norestart")
-$signatureThumbrint = "ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B"
 
 Install-Binary `
     -Url "${baseUrl}/vcredist_x86.exe" `
     -InstallArgs $argumentList `
-    -ExpectedSignature $signatureThumbrint
+    -ExpectedSHA256Sum '99DCE3C841CC6028560830F7866C9CE2928C98CF3256892EF8E6CF755147B0D8'
 
 Install-Binary `
     -Url "${baseUrl}/vcredist_x64.exe" `
     -InstallArgs $argumentList `
-    -ExpectedSignature $signatureThumbrint
+    -ExpectedSHA256Sum 'F3B7A76D84D23F91957AA18456A14B4E90609E4CE8194C5653384ED38DADA6F3'
 
 Invoke-PesterTests -TestFile "Tools" -TestName "VCRedist"
diff --git a/images/windows/toolsets/toolset-2019.json b/images/windows/toolsets/toolset-2019.json
index ad0b81a89..5f3dcbdc3 100644
--- a/images/windows/toolsets/toolset-2019.json
+++ b/images/windows/toolsets/toolset-2019.json
@@ -412,11 +412,11 @@
     "serviceFabric": {
         "runtime": {
             "version": "9.1.1436.9590",
-            "signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
+            "checksum": "089F9BE6A63AF66C337E507B52082575C8ED330DF765259C6F2F13F900DA96D5"
         },
         "sdk": {
             "version": "6.1.1436",
-            "signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
+            "checksum": "D2A6B58315D08B6E46C2D25E91DFA1163136F70A5FA8CEF9DB147F07EE001AD1"
         }
     },
     "dotnet": {
diff --git a/images/windows/toolsets/toolset-2022.json b/images/windows/toolsets/toolset-2022.json
index 5c0f6abdb..0312de3ae 100644
--- a/images/windows/toolsets/toolset-2022.json
+++ b/images/windows/toolsets/toolset-2022.json
@@ -353,11 +353,11 @@
     "serviceFabric": {
         "runtime": {
             "version": "9.1.1436.9590",
-            "signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
+            "checksum": "089F9BE6A63AF66C337E507B52082575C8ED330DF765259C6F2F13F900DA96D5"
         },
         "sdk": {
             "version": "6.1.1436",
-            "signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
+            "checksum": "D2A6B58315D08B6E46C2D25E91DFA1163136F70A5FA8CEF9DB147F07EE001AD1"
         }
     },
     "dotnet": {