CCI-003198

The organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers.

Implementation Guidance

The organization being inspected/assessed implements IAW the DoDI 5200.44 "Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)” tailored acquisition strategies, contract tools, and procurement methods defined in SA-12 (1), CCI 3199 as a means to mitigate supply chain risk. The organization being inspected/assessed must maintain documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documentation tracing the strategies, tools, and methods implemented to the organization-defined strategies, tools, and methods to ensure that the tailored acquisition strategies, contract tools, and procurement methods identified in SA-12 (1), CCI 3199 have been implemented.

DISA Compelling Evidence

1) Site's SP, SDLC documentation and CM Plan showing strategies for procurement of Information System, system components or Services from suppliers. . 2) Reviewer will validate documentation to verify staregies.

The controls below (if any) were marked by NIST as being related to CCI-003198.