CCI-003206

The organization employs organization-defined Operations Security (OPSEC) safeguards in accordance with classification guides to protect supply chain-related information for the information system, system component, or information system service.

Implementation Guidance

The organization being inspected/assessed implements Operations Security (OPSEC) safeguards defined in SA-12 (9), CCI 3206 to protect supply chain-related information for the information system, system component, or information system service.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines any applicable artifacts showing the use of OPSEC safeguards to ensure the organization being inspected/assessed implements OPSEC safeguards defined in SA-12 (9), CCI 3206 to protect supply chain-related information for the information system, system component, or information system service. DoD has determined the OPSEC safeguards are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for implementation of OPSEC safeguards in accordance with classification guidelines to protect supply chain-related information for the information system, system component, or information system service.

The controls below (if any) were marked by NIST as being related to CCI-003206.