CCI-005143

Implementation Guidance

Determine if scanning for counterfeit system components is conducted [SR-11(03)_ODP; the frequency at which to scan for counterfeit system components is defined].

Validation Procedures

Examine: [SELECT FROM: Supply chain risk management policy and procedures; supply chain risk management plan; anti-counterfeit policy and procedures; system design documentation; system configuration settings and associated documentation; scanning tools and associated documentation; scanning results; procedures addressing supply chain protection; acquisition documentation; inter-organizational agreements and procedures; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with responsibilities for anti-counterfeit policies and procedures; organizational personnel with responsibility for anti-counterfeit scanning]. Test: [SELECT FROM: Organizational processes for scanning for counterfeit system components; mechanisms supporting and/or implementing anti-counterfeit scanning].