Navigate

CCI-001748

CCI-001748 Definition

The organization defines critical firmware components the information system will prevent from being installed without verification the component has been digitally signed using a certificate that is recognized and approved by the organization.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the critical firmware components as any firmware components when the vendor provides digitally signed products.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the critical firmware components as any firmware components when the vendor provides digitally signed products.

Compelling Evidence

Automatically Compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001748.

Control	Description
CM-5 (3)	The information system prevents the installation of [Assignment: organization-defined software and firmware components] without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.