CCI-005127

Employ anti-tamper technologies, tool, and techniques throughout the system development life cycle.

Implementation Guidance

Determine if anti-tamper technologies, tools, and techniques are employed throughout the system development life cycle.

Validation Procedures

Examine: [SELECT FROM: Supply chain risk management policy and procedures; supply chain risk management plan; system and services acquisition policy; procedures addressing tamper resistance and detection; tamper protection program documentation; tamper protection tools and techniques documentation; tamper resistance and detection tools (technologies) and techniques documentation; system development life cycle documentation; procedures addressing supply chain protection; system development life cycle procedures; acquisition documentation; service level agreements; acquisition contracts for the system, system component, or system service; inter-organizational agreements and procedures; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with SDLC responsibilities]. Test: [SELECT FROM: Organizational processes for employing anti-tamper technologies; mechanisms supporting and/or implementing anti-tamper technologies].

The controls below (if any) were marked by NIST as being related to CCI-005127.