CCI-003218

The organization employs organization-defined security safeguards to ensure an adequate supply of organization-defined critical information system components.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to employ security safeguards defined in SA-12 (13), CCI 3219 to ensure an adequate supply of critical information system components defined in SA-12 (13), CCI 3220.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed employs security safeguards defined by SA-12 (13), CCI 3219 to ensure an adequate supply of critical information system components defined in SA-12 (13), CCI 3220.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for employing organization-defined security safeguards to ensure an adequate supply of organization-defined critical information system components.

The controls below (if any) were marked by NIST as being related to CCI-003218.