CCI-003198
CCI-003198 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed implements IAW the DoDI 5200.44 "Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)” tailored acquisition strategies, contract tools, and procurement methods defined in SA-12 (1), CCI 3199 as a means to mitigate supply chain risk. The organization being inspected/assessed must maintain documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods to ensure that the tailored acquisition strategies, contract tools, and procurement methods identified in SA-12 (1), CCI 3199 have been implemented.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan showing strategies for procurement of Information System, system components or Services from suppliers.