Navigate

CCI-003365

CCI-003365 Definition

The organization defines the external reporting organizations to which counterfeit information system components are to be reported.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the external reporting organizations as at a minimum, USCYBERCOM.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the external reporting organizations as at a minimum, USCYBERCOM

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003365.

Control	Description
SA-19	The organization: SA-19a.: Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and SA-19b.: Reports counterfeit information system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].

Control

Description

SA-19

The organization:

SA-19a.: Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and

SA-19b.: Reports counterfeit information system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].