diff --git a/images/win/scripts/Installers/Install-Kotlin.ps1 b/images/win/scripts/Installers/Install-Kotlin.ps1
index 09009433c..b5084fd51 100644
--- a/images/win/scripts/Installers/Install-Kotlin.ps1
+++ b/images/win/scripts/Installers/Install-Kotlin.ps1
@@ -1,6 +1,7 @@
 ################################################################################
 ## File: Install-Kotlin.ps1
 ## Desc: Install Kotlin
+## Supply chain security: Kotlin - checksum validation
 ################################################################################
 
 # Install Kotlin
@@ -10,6 +11,12 @@ $kotlinBinaryName = (Get-ToolsetContent).kotlin.binary_name
 $kotlinDownloadUrl = Get-GitHubPackageDownloadUrl -RepoOwner "JetBrains" -RepoName "kotlin" -BinaryName $kotlinBinaryName -Version $kotlinVersion -UrlFilter "*{BinaryName}-{Version}.zip"
 $kotlinInstallerPath = Start-DownloadWithRetry -Url $kotlinDownloadUrl -Name "$kotlinBinaryName.zip"
 
+#region Supply chain security
+$fileHash = (Get-FileHash -Path $kotlinInstallerPath -Algorithm SHA256).Hash
+$externalHash = Get-HashFromGitHubReleaseBody -RepoOwner "JetBrains" -RepoName "kotlin" -FileName "$kotlinBinaryName" -Version $kotlinVersion -WordNumber 2
+Use-ChecksumComparison $fileHash $externalHash
+#endregion
+
 Write-Host "Expand Kotlin archive"
 $kotlinPath = "C:\tools"
 Extract-7Zip -Path $kotlinInstallerPath -DestinationPath $kotlinPath
@@ -17,4 +24,4 @@ Extract-7Zip -Path $kotlinInstallerPath -DestinationPath $kotlinPath
 # Add to PATH
 Add-MachinePathItem "$kotlinPath\kotlinc\bin"
 
-Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"
\ No newline at end of file
+Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"
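Review bot: The expected hash on the `$externalHash` line is parsed positionally (`-WordNumber 2`) out of the JetBrains/kotlin release body, and nothing in this hunk checks that the parse produced a SHA-256 before `Use-ChecksumComparison` runs. If the release notes change layout, the value could be empty or an unrelated word; whether the two helpers fail closed in that case is not visible here, so I would add `if ($externalHash -notmatch '^[0-9a-fA-F]{64}$') { throw "No SHA256 found for $kotlinBinaryName $kotlinVersion in release body" }` ahead of the comparison. The region also deserves a comment stating its trust boundary: the checksum is published in the same GitHub release as the archive, so the check catches a corrupted or swapped download but not a tampered release. Pinning the expected hash next to the version in the toolset file would cover that case.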