Navigate

CCI-003361

CCI-003361 Definition

The organization implements an anti-counterfeit policy that includes the means to prevent counterfeit components from entering the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed implements the policy defined in SA-19, CCIs 3357 that include the means to prevent counterfeit components from entering the information system.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the policy defined in SA-19, CCIs 3357 and any artifacts applicable to counterfeit components to ensure the organization being inspected/assessed implements the policy defined in SA-19, CCIs 3357 that include the means to detect counterfeit components from entering the information system.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for implementing anti-counterfeit policy that include the means to prevent counterfeit components from entering the information system.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003361.

Control	Description
SA-19	The organization: SA-19a.: Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and SA-19b.: Reports counterfeit information system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].

Control

Description

SA-19

The organization:

SA-19a.: Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and

SA-19b.: Reports counterfeit information system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].