diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp
index 6b16cee788837d..56991dce12d88b 100644
--- a/src/credentials/FabricTable.cpp
+++ b/src/credentials/FabricTable.cpp
@@ -595,8 +595,10 @@ CHIP_ERROR FabricInfo::SetFabricInfo(FabricInfo & newFabric)
         return CHIP_ERROR_INVALID_ARGUMENT;
     }
 
-    // TODO: https://github.com/project-chip/connectedhomeip/issues/8433 -- Should verify that pubkey matches operationalKey's
-    // public key.
+    // Verify that public key in NOC matches public key generated by node and sent in CSRResponse message.
+    VerifyOrReturnError(operationalKey->Pubkey().Length() == pubkey.Length(), CHIP_ERROR_INVALID_PUBLIC_KEY);
+    VerifyOrReturnError(memcmp(operationalKey->Pubkey().ConstBytes(), pubkey.Bytes(), pubkey.Length()) == 0,
+                        CHIP_ERROR_INVALID_PUBLIC_KEY);
 
     if (newFabric.mHasExternallyOwnedOperationalKey)
     {