CCI-003198
CCI-003198 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed implements IAW the DoDI 5200.44 "Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)” tailored acquisition strategies, contract tools, and procurement methods defined in SA-12 (1), CCI 3199 as a means to mitigate supply chain risk. The organization being inspected/assessed must maintain documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods to ensure that the tailored acquisition strategies, contract tools, and procurement methods identified in SA-12 (1), CCI 3199 have been implemented.
DISA Compelling Evidence
1) Site's SP, SDLC documentation and CM Plan showing strategies for procurement of Information System, system components or Services from suppliers. . 2) Reviewer will validate documentation to verify staregies.