CCI-003367
CCI-003367 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to train personnel or roles defined in SA-19 (1), CCI 3368 to detect counterfeit information system components (including hardware, software, and firmware). The organization must maintain a record of training.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process, the list of personnel responsible for detecting counterfeit information system components, as well as the record of training to ensure the organization being inspected/assessed trains personnel or roles defined in SA-19 (1), CCI 3368 to detect counterfeit information system components (including hardware, software, and firmware).
Compelling Evidence
1.) System security plan (SSP).
2.) System development life cycle (SDLC) documentation.
3.) Continuous monitoring plan for training of organization-defined personnel or roles to detect counterfeit information system components (including hardware, software, and firmware).