CCI-005137
CCI-005137 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if [SR-11(01)_ODP; personnel or roles requiring training to detect counterfeit system components (including hardware, software, and firmware) is/are defined] are trained to detect counterfeit system components (including hardware, software, and firmware).
Validation Procedures
Examine: [SELECT FROM: Supply chain risk management policy and procedures; supply chain risk management plan; system and services acquisition policy; anti-counterfeit plan; anti-counterfeit policy and procedures; media disposal policy; media protection policy; incident response policy; training materials addressing counterfeit system components; training records on the detection and prevention of counterfeit components entering the system; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with responsibilities for anti-counterfeit policies, procedures, and training]. Test: [SELECT FROM: Organizational processes for anti-counterfeit training].