An error occurred:

CCI-003219

CCI-003219 Definition

The organization defines the security safeguards to be employed to ensure an adequate supply of organization-defined critical information system components.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the security safeguards to be employed to ensure an adequate supply of organization-defined critical information system components. The organization should employ security safeguards for critical materials, production, assembly, testing, packaging, delivery, and sustainment objects and determine what will be needed and when, and how quickly, for system and system element replacements. Safeguards include: 1. Storing critical element spares near or with systems so that they can be rapidly replaced; 2. Stockpiling of spare components to ensure operation during mission-critical times; 3. Using multiple delivery paths and suppliers; 4. Having a variety of vetted delivery paths; 5. Using trusted and cleared contacts and shipping via a protected carrier (such as using cleared/official couriers, or a diplomatic pouch); 6. Proactively manage the life cycle of their products through Diminishing Manufacturing Sources and Material Shortages (DMSMS). This may involve advance purchase and inventory of spare parts while they are widely available and verifiable. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security safeguards to ensure the organization being inspected/assessed defines the security safeguards to be employed to ensure an adequate supply of organization-defined critical information system components. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for defining organization-defined security safeguards to ensure an adequate supply of organization-defined critical information system components.