CCI-003212

The organization employs organization-defined security safeguards to validate that the information system or system component received is genuine and has not been altered.

Implementation Guidance

The organization being inspected/assessed employs security safeguards to validate that the information system or system component received is genuine and has not been altered defined in SA-12 (10), CCI 3213. The organization must maintain a record of information system validation. The record must identify what safeguards are applied. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the record of information system validation to ensure the organization being inspected/assessed employs security safeguards defined in SA-12 (10), CCI 3213 to validate that the information system or system component received is genuine and has not been altered. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for validation that information system or system components received are genuine and not altered.

The controls below (if any) were marked by NIST as being related to CCI-003212.