CCI-003210
CCI-003210 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed defines and documents Operations Security (OPSEC) safeguards IAW DoDD 5205.02E, DoD Manual 5205.02, and DoDI 5200.44. OPSEC safeguards may include:
1. Limiting the disclosure of information needed to design, develop, test, produce, deliver, and support the element (for example, supplier identities, supplier processes, potential suppliers, security requirements, design specifications, testing and evaluation results, and system/component configurations), including the use of direct shipping, blind buys, etc.;
2. Extending supply chain awareness, education, and training for suppliers, intermediate users, and end users;
3. Extending the range of OPSEC tactics, techniques, and procedures to potential suppliers, contracted suppliers, or sub-prime contractor tier of suppliers; and
4. Using centralized support and maintenance services to minimize direct interactions between end users and original suppliers.
DoD has determined the OPSEC safeguards are not appropriate to define at the Enterprise level.
Validation Procedures
The organization being inspected/assessed obtains and examines the documented OPSEC safeguards to ensure they have been defined IAW DoDD 5205.02E, DoD Manual 5205.02, and DoDI 5200.44. DoD has determined the OPSEC safeguards are not appropriate to define at the Enterprise level.
Compelling Evidence
1.) System security plan (SSP).
2.) System development life cycle (SDLC) documentation.
3.) Continuous monitoring plan for definition of OPSEC safeguards in accordance with classification guidelines to protect supply chain-related information for the information system, system component, or information system service.