CCI-003368

The organization defines the personnel or roles to be trained to detect counterfeit information system components (including hardware, software, and firmware).

Implementation Guidance

The organization being inspected/assessed defines and documents the personnel or roles to be trained to detect counterfeit information system components (including hardware, software, and firmware). DoD has determined the personnel or roles are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented personnel or roles to ensure the organization being inspected/assessed defines the personnel or roles to be trained to detect counterfeit information system components (including hardware, software, and firmware). DoD has determined the personnel or roles are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for defining the organization-defined personnel or roles to detect counterfeit information system components (including hardware, software, and firmware).

The controls below (if any) were marked by NIST as being related to CCI-003368.