Navigate

PE-3(5)

PE-3(5): Tamper Protection

The organization employs [organization-defined security safeguards] to [one or more of detect/prevent] physical tampering or alteration of [organization-defined hardware components] within the information system.

Supplemental

Organizations may implement tamper detection/prevention at selected hardware components or tamper detection at some components and tamper prevention at other components. Tamper detection/prevention activities can employ many types of anti-tamper technologies including, for example, tamper-detection seals and anti-tamper coatings. Anti-tamper programs help to detect hardware alterations through counterfeiting and other supply chain-related risks.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to PE-3(5).

Control	Description
SA-12	The organization protects against supply chain threats to the information system, system component, or information system service by employing [organization-defined security safeguards] as part of a comprehensive, defense-in-breadth information security strategy.

Enhancements

The controls below (if any) add on to the requirements of PE-3(5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to PE-3(5).

CCI	Definition
CCI-000933	Employ organization-defined anti-tamper technologies to deter and/or prevent physical tampering or alteration of organization-defined hardware components within the system.
CCI-002928	Defines anti-tamper technologies to detect and prevent physical tampering or alteration of organization-defined hardware components within the system.
CCI-002929	Defines hardware components within the system for which to employ organization-defined security safeguards to detect and prevent physical tampering or alteration.