Navigate

CCI-003389

CCI-003389 Definition

The organization scans for counterfeit information system components in accordance with organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to scan for counterfeit information system components in accordance with the frequency defined in SA-19 (4), CCI 3388. The organization must maintain a record of scans.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of scans to ensure the organization being inspected/assessed scans for counterfeit information system components in accordance with the frequency defined in SA-19 (4), CCI 3388.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for scanning counterfeit information system components in accordance with organization-defined frequency.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003389.

Control	Description
SA-19 (4)	The organization scans for counterfeit information system components [Assignment: organization-defined frequency].