SR-11 Component Authenticity
a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to sr-11_odp.01.
Parameter ID | Definition |
---|---|
sr-11_odp.01 | Selection (one-or-more): |
sr-11_odp.02 | external reporting organizations |
sr-11_odp.03 | personnel or roles |
Baselines
- L
- M
- H
- P
Guidance
Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.
References 1
- ISO 20243 International Organization for Standardization/International Electrotechnical Commission 20243-1:2018, *Information technology — Open Trusted Technology Provider™ Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 1: Requirements and recommendations*, February 2018.
Control Enhancements 3
- SR-11(01) Anti-counterfeit Training L M H P
- SR-11(02) Configuration Control for Component Service and Repair L M H P
- SR-11(03) Anti-counterfeit Scanning L M H P
Related controls 5
- PE-03 Physical Access Control L M H P
- SA-04 Acquisition Process L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P
- SR-09 Tamper Resistance and Detection L M H P
- SR-10 Inspection of Systems or Components L M H P