Navigate

SA-12 (10)

SA-12 (10): Validate As Genuine And Not Altered

The organization employs [Assignment: organization-defined security safeguards] to validate that the information system or system component received is genuine and has not been altered.

Supplemental

For some information system components, especially hardware, there are technical means to help determine if the components are genuine or have been altered. Security safeguards used to validate the authenticity of information systems and information system components include, for example, optical/nanotechnology tagging and side-channel analysis. For hardware, detailed bill of material information can highlight the elements with embedded logic complete with component and production location.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SA-12 (10).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-12 (10).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-12 (10).

CCI	Definition
CCI-003212	The organization employs organization-defined security safeguards to validate that the information system or system component received is genuine and has not been altered.
CCI-003213	The organization defines the security safeguards to be employed to validate that the information system or system component received is genuine and has not been altered.