control_freak | Controls | SR-10 - Inspection of Systems or Components

Inspect the following systems or system components sr-10_odp.02 to detect tampering: sr-10_odp.01.

Parameter ID	Definition
sr-10_odp.01	systems or system components
sr-10_odp.02	Selection (one-or-more): at random at {{ insert: param sr-10_odp.03 }} upon {{ insert: param sr-10_odp.04 }}
sr-10_odp.03	frequency
sr-10_odp.04	indications of need for inspection

Baselines

Guidance

The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.

References 1

ISO 20243 International Organization for Standardization/International Electrotechnical Commission 20243-1:2018, *Information technology — Open Trusted Technology Provider™ Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 1: Requirements and recommendations* , February 2018.

Related controls 9

AT-03 Role-based Training L M H P
PM-30 Supply Chain Risk Management Strategy L M H P
SI-04 System Monitoring L M H P
SI-07 Software, Firmware, and Information Integrity L M H P
SR-03 Supply Chain Controls and Processes L M H P
SR-04 Provenance L M H P
SR-05 Acquisition Strategies, Tools, and Methods L M H P
SR-09 Tamper Resistance and Detection L M H P
SR-11 Component Authenticity L M H P

SR-10 Inspection of Systems or Components

Baselines

Guidance

References 1

Related controls 9