SR-11 Component Authenticity
a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to sr-11_odp.01.
|sr-11_odp.02||external reporting organizations|
|sr-11_odp.03||personnel or roles|
Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.
- ISO 20243 International Organization for Standardization/International Electrotechnical Commission 20243-1:2018, *Information technology — Open Trusted Technology Provider™ Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 1: Requirements and recommendations* , February 2018.
Control Enhancements 3
- SR-11(01) Anti-counterfeit Training L M H P
- SR-11(02) Configuration Control for Component Service and Repair L M H P
- SR-11(03) Anti-counterfeit Scanning L M H P
Related controls 5
- PE-03 Physical Access Control L M H P
- SA-04 Acquisition Process L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P
- SR-09 Tamper Resistance and Detection L M H P
- SR-10 Inspection of Systems or Components L M H P