CCI-005132

Develop and document anti-counterfeit policy that include the means to detect and prevent counterfeit components from entering the system.

Implementation Guidance

Determine if: - an anti-counterfeit policy is developed and implemented. - anti-counterfeit procedures are developed and implemented. - the anti-counterfeit procedures include the means to detect counterfeit components entering the system. - the anti-counterfeit procedures include the means to prevent counterfeit components from entering the system.

Validation Procedures

Examine: [SELECT FROM: Supply chain risk management policy and procedures; supply chain risk management plan; system and services acquisition policy; anti-counterfeit plan; anti-counterfeit policy and procedures; media disposal policy; media protection policy; incident response policy; reports notifying developers, manufacturers, vendors, contractors, and/or external reporting organizations of counterfeit system components; acquisition documentation; service level agreements; acquisition contracts for the system, system component, or system service; inter-organizational agreements and procedures; records of reported counterfeit system components; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and service acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with responsibilities for anti-counterfeit policies, procedures, and reporting]. Test: [SELECT FROM: Organizational processes for counterfeit prevention, detection, and reporting; mechanisms supporting and/or implementing anti-counterfeit detection, prevention, and reporting].

The controls below (if any) were marked by NIST as being related to CCI-005132.