CCI-003213
CCI-003213 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed defines and documents security safeguards to validate that the information system or system component received is genuine and has not been altered IAW DoDI 5200.44. Security safeguards may:
1. Examine for:
   a. Evidence of unauthorized tampering/modification, intentional bugging/subversion, or harmful features;
   b. Indicators of weaknesses such as unexpected size/dimensions, substandard workmanship, mismatched serial number or bar code, altered/unexpected/counterfeit trademarks or markings, or XRF (x-ray fluorescence); and
   c. Newly manufactured (not refurbished) elements and for valid licensing (including support agreements).
2. Include:
   a. Acceptance testing;
   b. Anti-tamper mechanisms (tamper-resistant and tamper-evident packaging, anti-tamper fence);
   c. Contact angle analysis and chemical surface analysis;
   d. Encryption (in motion and at rest);
   e. Watermarking mechanisms;
   f. Optical/nanotechnology tagging;
   g. Side-channel analysis;
   h. Performance and sub-element baseline; and
   i. Difficult-to-forge marks (such as digital signatures and hologram tags).
DoD has determined the security safeguards are not appropriate to define at the Enterprise level.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented security safeguards to ensure they have been defined IAW DoDI 5200.44. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.
Compelling Evidence
1.) System security plan (SSP).
2.) System development life cycle (SDLC) documentation.
3.) Continuous monitoring plan for definition for validation that information system or system components received are genuine and not altered.